- Ankr says a former employee exploited the protocol via a supply chain attack.
- The attacker stole $5 million from the protocol after minting 6 quadrillion aBNBc tokens and finally swapping them into USD Coin (USDC).
- Ankr is working with law enforcement to bring the individual to justice.
Decentralised finance (DeFi) protocol Ankr has revealed that a former member of the team was behind the exploit that saw $5 million stolen from the platform.
An update Ankr published on its website stated that an ex-employee orchestrated the supply chain attack.
The DeFi protocol noted that the early December attack resulted from a malicious code package that the former employee inserted into the system, which then compromised the protocol’s private keys after an update.
Ankr exploit was ‘inside job’
The inside job saw the attacker steal Ankr Reward Bearing Stake (aBNBc) tokens, the staking reward tokens users get when they stake Binance Coin on Ankr.
During the attack, the hacker was able to mint 6 quadrillion aBNBc tokens. They then proceeded to swap the minted tokens via the Tornado Cash mixer, ending up with $5 million in the stablecoin USD Coin (USDC).
Ankr says it’s cooperating with law enforcement to help prosecute the individual.
In the aftermath of the exploit, Ankr worked on a reimbursement plan for impacted users and liquidity providers. The Web3-native organisation moved to fix the breach on the aBNBc borrowing platform Helio by re-stabilizing the HAY price.
The team also airdropped ankrBNB to customers who lost their aBNBc or aBNBb tokens, and BNB to all impacted DeFi liquidity providers.