First Node-As-A-Service Platform Suffers Multi-million Dollar Exploit

By ISBuzz Staff
Editorial Team, Information Security Buzz | Dec 02, 2022 07:37 am PST

It has been reported that DeFi protocol Ankr, which called itself the first ‘node-as-a-service’ platform, has suffered a multi-million dollar exploit due to a bug in its code that allowed for unlimited minting of its token. According to security research firm PeckShield, the code behind the Ankr contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillion aBNBc tokens.

A programming flaw in DeFi protocol Ankr, which dubbed itself the first “node-as-a-service” platform, allowed for the unrestricted creation of its token and resulted in a multi-million dollar exploit.

The Ankr contract’s code, according to security research company PeckShield, reportedly permits any user to create an infinite number of the protocol’s reward-bearing staking tokens without any kind of verification. This made it possible for the attacker to mint six quadrillion aBNBc tokens.

After creating the trillions upon trillions of aBNBc tokens, the hacker was able to exchange 20 trillion aBNBc for BNB and then transfer it to Tornado Cash. The attacker subsequently exchanged the BNB tokens for USDC worth 5 million.

According to data from CoinGecko, the aBNBc token has lost approximately 99% of its value. As a result, the hacker almost totally drained the liquidity pools on PancakeSwap and ApeSwap.

The staked assets inside the system are currently safe, according to a tweet from Ankr.

One shrewd trader was able to capitalize on the vulnerability and convert 10 BNB ($2,885) to 15.5 million USD, according to on-chain analyst company Lookonchain. The trader accomplished this by using DeFi borrowing protocol Helios, which lacked the most recent price on aBNBc post-crash.

The trader was also able to borrow $16 billion of the scarcely used HAY virtual currency and convert it into BUSD by using the pre-crash aBNBc pricing. Since then, the HAY virtual currency has fallen out of favor, reaching a low of 20 cents, but it is currently rebounding, with a price of 77 cents, according to CoinMarketCap.
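
The stale-price condition described above can be guarded against on the lending side. The following is an added example, not code from Ankr, Helios or the original article: a collateral valuation that refuses a price that is too old or that disagrees with a second source, shown beside the unchecked form. All names, thresholds and prices are constructed assumptions.

```python
from dataclasses import dataclass

# All thresholds and prices below are constructed for illustration.
MAX_PRICE_AGE_S = 300   # assumed freshness window for an oracle update
MAX_DEVIATION = 0.10    # assumed tolerated gap between the two price sources
LOAN_TO_VALUE = 0.5     # assumed borrow limit as a fraction of collateral value

@dataclass
class PriceReport:
    price_usd: float
    updated_at: int  # unix seconds

class PriceRejected(Exception):
    """Raised when a collateral price must not be used for borrowing."""

def checked_price(oracle: PriceReport, reference: PriceReport, now: int) -> float:
    """Return a usable collateral price, or raise if it is stale or inconsistent."""
    if now - oracle.updated_at > MAX_PRICE_AGE_S:
        raise PriceRejected("oracle price is stale")
    if oracle.price_usd <= 0 or reference.price_usd <= 0:
        raise PriceRejected("non-positive price")
    gap = abs(oracle.price_usd - reference.price_usd)
    if gap / max(oracle.price_usd, reference.price_usd) > MAX_DEVIATION:
        raise PriceRejected("oracle and reference prices disagree")
    # Value collateral at the lower of the two sources.
    return min(oracle.price_usd, reference.price_usd)

def max_borrow_naive(amount: float, oracle: PriceReport) -> float:
    """Weak form: trusts whatever price the oracle last stored."""
    return amount * oracle.price_usd * LOAN_TO_VALUE

def max_borrow_checked(amount, oracle, reference, now) -> float:
    """Hardened form: borrowing is refused unless the price passes the checks."""
    return amount * checked_price(oracle, reference, now) * LOAN_TO_VALUE

# Constructed scenario: the token lost about 99% but the oracle was not updated.
NOW = 1_670_000_000
PRE_CRASH = PriceReport(price_usd=300.0, updated_at=NOW - 3600)
POST_CRASH_SPOT = PriceReport(price_usd=3.0, updated_at=NOW - 30)

if __name__ == "__main__":
    print("naive limit:", max_borrow_naive(1_000_000, PRE_CRASH))
    try:
        max_borrow_checked(1_000_000, PRE_CRASH, POST_CRASH_SPOT, NOW)
    except PriceRejected as exc:
        print("checked: refused,", exc)
```

The deviation check matters as well as the age check: a price that was refreshed recently but still reports the pre-crash value is rejected because it disagrees with the second source.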

Rebecca Moody , Head of Data Research
InfoSec Expert
December 2, 2022 3:38 pm

DeFi platform Ankr has suffered an exploit which saw the hacker minting quadrillions of aBNBc tokens before turning them into around $5 to $7 million USD in profit (figures are still being confirmed). Binance managed to freeze $3 million of the stolen funds after the hackers sent them to the exchange. Stablecoin HAY also suffered in the exploit (losing its $1 peg) after hackers used HAY’s Helios Protocol to carry out the exploit on Ankr.

According to Comparitech’s crypto heist tracker, 2022 has been a record-breaking year for crypto heists with 179 in total and with losses in excess of $3.56 billion USD. This far exceeds 2021’s overall total of 132 heists and $2.74 billion USD in losses.
