- The BNB Chain-based Decentralized Finance (DeFi) protocol known as Ankr was exploited.
- Around 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) were minted with over 5 million USDC exchanged.
- PeckShield’s analysis revealed the aBNBc token contract had an “unlimited bug.”
According to on-chain data, an attacker exploited the Ankr Protocol and was able to mint trillion Ankr Reward Bearing Staked BNB (aBNBc). The exploiter managed to exchange more than 5 million in USD Coin (USDC).
Ankr officially confirmed this exploit occurred on December 2, 2022.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
How Ankr Got Exploited
Lookonchain, a web3 data analysis tool, reported that Ankr got hacked on December 2, 2022. They reported that a trader could cash in on the exploit and turn 10 BNB ($2,885) into 15.5 million BUSD.
This was followed by a tweet from PeckShieldAlert, where the Ankr Exploiter held 19,999,999,972,926 aBNBc, which made them the 13th largest holder.
The analysis made by PeckShield, also revealed that the aBNBc token contract featured an “unlimited bug,” where the exploiter used another function to dodge the caller verification and carried out the arbitrary mint.
Our analysis shows the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with onlyMinter modifier, there is another function (w/ 0x3b3a5522 func. signature) that completely bypasses the caller verification to have arbitrary mint !!! https://t.co/h51e7xpcVf pic.twitter.com/caRgasNNHq
— PeckShield Inc. (@peckshield) December 2, 2022
Based on their research, the code behind the Ankr contract lets any user mint an unlimited amount of the protocol’s reward-bearing staking tokens without verification, letting the hacker mint aBNBc tokens.
Then, the attacker swapped them for BNB and moved them to Tornado Cash, eventually swapping the BNB tokens for the 5 million USDC.
As the attacker nearly completely drained all of the liquidity pools that have aBNBc on PancakeSwap and ApeSwap, the token lost 99% of its value.
Ankr took to Twitter again, told decentralized exchanges to block trading, and announced that they would re-issue the tokens after assessing the situation.
They did, however, reassure users that all of the staked assets within the protocol are safe.
The Current Consequences of The Exploit
Binance, as a result of this, paused withdrawals of Ankr tokens after the exchange’s CEO Changpeng Zhao said hackers possibly targeted the tokens.
The Binance exchange revealed that their team was engaged with the relevant parties to investigate things further and assured that Binance’s user funds were not at risk.