It has been reported that DeFi protocol Ankr, which called itself the first ‘node-as-a-service’ platform, has suffered a multi-million dollar exploit due to a bug in its code that allowed for unlimited minting of its token. According to security research firm Peck Shield, the code behind the Anker contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillions of the aBNBc token.
Protocol DeFi A programming flaw in Anker, which dubbed itself the first “node-as-a-service” platform. Which allowed for the unrestricted creation of its token, which resulted in multi-million dollar exploits?
The Ankr contract’s code, according to safety research company PeckShield, reportedly permits any user to create an infinite number of the protocol’s reward-bearing stake tokens without any kind of verification. This made it possible for the attacker to print six quadrillion aBNBc tokens.
The hacker was able to exchange 20 trillion of a aBNBc coin for BNB after creating. The trillions upon trillions of aBNBc tokens, but then transfer it to Tornado Cash. The attacker subsequently exchanged the B and b tokens for USDC worth 5 million.
According to data from CoinGecko, the aBNBc token has lost approximately 99% of its value. As a result the hacker almost totally drained the liquid pooled on Pancake Swap and Ape Swap.
The staked assets inside the system are currently safe, according to a tweet from Anker.
One shrewd dealer was able to capitalize on the vulnerability. And convert 10 B and b ($2,885) to 15.5 million USD according to on-chain analyst company Lookonchain. The trader accomplished this by using DeFi borrowing protocol Helios, which lacked the most recent price on aBNBc post-crash.
The dealer also was able to borrow $16 billion of the scarcely used HAY virtual currency. And convert it into BUSD by using the pre-crash aBNBc pricing. Since then, the HAY virtual currency has fallen out of favor, reaching a low of 20 cents. But is currently rebounding, with a price of 77 cents, according to CoinMarketCap.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.