Bad night for Ankr, the decentralized finance protocol based on the BNB chain, which fell victim to a hack to the extent of more than $5 million in stolen crypto.
Apparently, hackers managed to create a disproportionate number of Ankr tokens by making use of the Reward Bearing Staked BNB (aBNBc) and exploiting a bug in the system, later detected by security firm PeckShield.
By that time, however, it was too late: Ankr’s value had already plummeted by nearly 100%.
Summary
Hack against the DeFi Ankr platform: what happened and Binance’s crypto assets
During the attack, the hacker managed to divert some of the stolen funds to Tornado Cash, the smart contract that had already come under the crosshairs of institutions because it can anonymize transactions.
According to Lookonchain, an on-chain analytics firm, the hacker has already stolen about $10 million USD Coin (USDC) tokens. Binance is already working with interested parties to investigate the incident.
The exchange has assured its users that the funds are safe, although it is difficult to sleep soundly these days. In fact, in October, BNB Chain had been temporarily suspended after suffering a $570 million hack.
Following the bad news, Binance suspended withdrawals of Ankr tokens after the cryptocurrency exchange’s CEO, Changpeng Zhao, said the tokens could be targeted by hackers.
Ankr, on the other hand, told decentralized exchanges to stop trading and also said it will release the tokens after assessing the situation. On Ankr’s Twitter profile, specific instructions were given:
“Further instructions from the Ankr team:
- Do not trade
- Remove liquidity from DEXes if you are a liquidity provider (and keep the aBNBc)
- Snapshot will be done and wait for additional news
- Will do a reissuance of aBNBc”
Zhao also said that the exchange has frozen about $3 million that the hackers transferred to the Binance centralized exchange. In fact, CZ’s Twitter account says the following:
Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
— CZ 🔶 BNB (@cz_binance) December 2, 2022
Hacker attacks unfortunately increasingly frequent for crypto
According to Chainalysis, a well-known cryptocurrency analytics firm, hacker attacks for the crypto world have become more and more frequent, and for its part, the company has become increasingly accurate in detecting them.
As cryptocurrencies have emerged as a global payment tool, not only have the opportunities and investor base grown, but also, unfortunately, those who take advantage of system bugs to hack systems and steal large sums of money.
The criminal group par excellence for this type of hacking attack goes by the name of Lazarus. The latter has already hit wallets and platforms for millions of dollars and boasts the characteristic of regenerating its “resources,” i.e., hackers, by replacing them with new criminal professionals.
Unfortunately, DeFi is particularly susceptible to this type of attack, as it has an open source system that facilitates the work of hackers.
A sum bordering on $2 billion, up 60% from the same period last year, gives a better understanding of the dimensions of the phenomenon that often takes spy story overtones, being financed in some cases by governments such as Kim Jong-Un’s Korea itself.
To date, unfortunately, the hackers’ technique has evolved and more bugs in the system continue to be tested. However, DeFi’s ability to resist these has also grown. Indeed, the collaboration between DeFi, Chainalysis, law enforcement, and governments increasingly tightens the circle around groups like Lazarus.
In particular, North Korean hackers remain difficult to defeat, as they exploit a veritable semi-government school of hacking in the country. In fact, it often happens that these hackers manage to infiltrate directly into companies that deal with the crypto world, so they strike directly with insiders.
Binance is also in the crosshairs of hackers
As anticipated, Binance in October had also ended up in the crosshairs of hacker attacks. In fact, tokens worth about $100 million had been stolen from the well-known exchange platform.
Specifically, the attack aimed at stealing BNB, Binance’s proprietary token that operates on the Binance Smart Chain blockchain. The hackers’ action targeted BSC Token Hub, a bridge between two Binance systems.
Changpeng Zhao following the incident had stated that the problem had been contained and customer funds were safe. According to some third-party estimates, the value of the loot initially appeared to be around $570 million, but the company later confirmed a countervalue of between $100 million and $110 million.