Binance freezes $3M from Ankr exploit

Binance CEO Changpeng Zhao revealed on Dec. 2 that the exchange froze around $3 million of the funds from Ankr’s hack.

Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.

— CZ 🔶 Binance (@cz_binance) December 2, 2022

Hacker exploits Ankr Protocol’s code

A hacker exploited a bug in Ankr Protocol’s code to mint six quadrillions of aBNBc token and converted part into $5 million USDC.

Blockchain security firm Peckshield said its analysis of the aBNBc token contract showed that it has an unlimited mint bug that allows for the arbitrary mint of the tokens.

Our analysis shows the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with onlyMinter modifier, there is another function (w/ 0x3b3a5522 func. signature) that completely bypasses the caller verification to have arbitrary mint !!! https://t.co/h51e7xpcVf pic.twitter.com/caRgasNNHq

— PeckShield Inc. (@peckshield) December 2, 2022

Another blockchain security company, Beosin, tweeted that the attack was likely due to a private key compromise because the deployer changed the implementation contract address before the attack. The attacker then called the mintApprovedTo function, which allowed anyone to mint tokens.

@ankr has been exploited. $aBNBc has dropped -99.5%.
The hacker minted tons of $aBNBc and made a profit of 5,500 BNB (~$1.6 million)
The deployer changed the implementation contract to the vulnerable contract address before the attack (possibly due to private key compromise). pic.twitter.com/GJheXh0oDp

— Beosin Alert (@BeosinAlert) December 2, 2022

According to CoinMarketCap, aBNBc is a reward-bearing token whose value grows as its redemption ratio grows.

Attacker nets $5 million

Lookonchain tweeted that the exploiter minted 20 trillion tokens and dumped it on Pancakeswap.

Seems that @ankr got hacked an hour ago!

The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.

At present, the exploiter have successfully exchanged more than 5 million $USDC.https://t.co/hF1tgNYw0t pic.twitter.com/XIPjBi6wvs

— Lookonchain (@lookonchain) December 2, 2022

PeckShield said the exploiter bridged the stolen funds to Ethereum via celer and deBridgeGate and also transferred some of these funds through Tornado Cash. The firm added that the exploiter moved 900 BNB ($253,000) to Tornado Cash and bridged 3000 ETH and $500,000 USDC to Ethereum.

Ankr confirms exploit

Ankr confirmed on Dec. 2 that its aBNB token was exploited.

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) December 2, 2022

According to the decentralized web3 infrastructure provider, it is in touch with exchanges to stop trading. The firm added, “all underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.”

It also urged all liquidity providers to remove their liquidity from DEXs, adding that the tokens would be reissued soon.

Crypto traders profit

A crypto trader capitalized on this hack and used 10 BNB to make $15 million in profit, according to PeckShield.

#PeckShieldAlert 0x8d11F…217 is capitalising off the $aBNBc exploit,
10 $BNB -> 183,384.92 $aBNBc->$hBNB and staked them into Helio Protocol to lend ~$16M BHAY0 & exchanged them into $HAY
Profit: ~$15Mhttps://t.co/YLwhIENcL7$HAY has dropped -61% https://t.co/EKPrYojuHY pic.twitter.com/txTKY042sd

— PeckShieldAlert (@PeckShieldAlert) December 2, 2022

Wu Blockchain reported that the trader converted the 10 BNB for 183,384.92 aBNBc. He then exchanged his aBNBc holding to hBNB and staked it on Helio protocol to lend $16 million BHAYO, which was then exchanged into HAY.

The trade caused the HAY Stablecoin to depeg. As of press time, the stablecoin has lost 33% of its value and is trading for $0.69.

Meanwhile, the Helio Protocol team said it was aware of the exploit and would provide more information soon.

Our team is aware of the exploit. We will update the community as soon as we get more information.

— Helio Protocol ($HAY) 🔶 (@Helio_Money) December 2, 2022

Separately, Lookonchain reported that a trader who shorted the Ankr’s protocol native token made a 53.25% return.

aBNBc, ANKR, BNB price falls

CryptoSlate data shows that the hack has negatively impacted the price of ANKR and BNB.

According to the data, ANKR fell by 4% in the last 24 hours to $0.02155, while BNB is down 3% to $289 as of press time.

Meanwhile, CoinMarketCap data showed that aBNBc plunged by 99.51% to $1.51 as of press time.

Mentioned in this article

BNB Ethereum USD Coin Ankr Binance Changpeng Zhao

Author

Oluwapelumi Adejumo

Journalist at CryptoSlate

Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.

@hardeyjumoh LinkedIn Email Oluwapelumi

Editor Editor

News Desk

Editor at CryptoSlate

CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.

@cryptoslate LinkedIn Email Editor

Ad

WorkML.ai: Real World Data Annotation Hub Empowers AI with Crypto

Ad

CryptoSlate on X x.com/cryptoslate

Catch the latest in crypto by following us on X. Stay informed on the go.

Join 50k followers

Ad

Latest Alpha Market Report

Available exclusively via

From 2012 to 2024: Analyzing market conditions before each Bitcoin halving

Andjela Radmilac · 4 days ago

As the fourth Bitcoin halving approaches, an in-depth look at past events offers insights into potential market impacts.

Latest Press Releases

View All

South Park Inspired Meme Coin $SNUKE Launches Presale On Solana

Chainwire 2 hours ago

Zircuit Staking Soars Past $2B TVL In Only 2 Months

Chainwire 2 hours ago

Zulu Network: Moving the Bitcoin Economy Forward with a Two-Tiered Bitcoin Layer 2 Architecture

News Desk 3 hours ago