Techno Blender
Digitally Yours.

Ankr Successfully Patched the Security Vulnerability Exploited by Hackers

0 47


by Market Trends December 6, 2022

Ankr protocol has swiftly patched the security vulnerability exploited by hackers earlier this week

Ankr, a decentralized finance (DeFi) protocol also popularly known as the first ‘node-as-a-service’ platform, has announced that it has restored security after suffering a hack on Dec 1st. The attackers stole an estimated $5 million worth of BNB across liquidity pools in various DEXes.

In the announcement, Ankr states that it has taken the necessary steps to compensate liquidity providers that were affected by the hack. It will purchase $5 million worth of BNB to use in paying out the compensation.

“Thanks to the fast actions from the Ankr team and various protocols, we were able to minimize any damage done extremely quickly. Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes; but we were well prepared. Unlike previous events in space this year, we are doing the right thing by our community and ensuring that this is taken care of immediately with lost funds restored”, says Chandler Song, Co-Founder & CEO, Ankr.

 

What happened?

It was hacked in the early hours of Friday, with the attacker leveraging the smart contract for the aBNBc token that allowed them to create an infinite amount of this token. This token represents a staked version of Binance’s BNB token that earns rewards on Ankr.

The aBNBb smart contract was safe from third-party minting prior to the attack, however, the attacker was able to obtain access to the deployer key. The attacker then uploaded a new aBNBb contract that included an extra method to mint without authorization checks. The attacker minted an excess of aBNBb out of thin air and rapidly moved to swap it out for other tokens on decentralized exchanges.

The address 0xf3a used the infinite mint bug in Ankr’s contract code to mint a total of 60 trillion aBNBc across 6 different transactions. The attacker was able to swap some for the stablecoin USDC and began moving them off of the Binance Smart Chain and onto Ethereum before the transactions were flagged. The Ankr team confirmed that it had been robbed of roughly $5 million in BNB. It also announced a proposal to make affected users whole by reissuing a new token called ankrBNB which would be distributed to pre-hack aBNBc holders.

 

What are the next steps for Ankr and Its users?

The Ankr team says it quickly identified the vulnerability and began flagging the attackers’ attempts to liquidate the assets via various exchanges, an action which it says helped limit damages to $5 million. No other liquid staking tokens or Ankr products were affected, while Ankr’s validators, RPC API, and AppChain services also continued to operate without any disruptions during the mishap.

Despite having fixed the security issues, Ankr is still taking more steps to ensure more robust and complete security. The protocol is discontinuing the current smart contracts of the aBNBc token and its sister token aBNBb.

New tokens will be minted and airdropped to all users of the current tokens. The announcement states that Ankr will use a snapshot to airdrop the newly released tokens to all valid aBNBc holders.

Meanwhile, it directs users and liquidity providers to follow certain guidelines to mitigate risks. These include not trading aBNBc or buying speculatively at a discount, removing liquidity from DEXes, and just waiting patiently if they were affected by the exploit as the snapshot will ensure compensation is received.

Share This Article

Do the sharing thingy

About Author

More info about author

Market Trends

Analytics Insight is an influential platform dedicated to insights, trends, and opinions from the world of data-driven technologies. It monitors developments, recognition, and achievements made by Artificial Intelligence, Big Data and Analytics companies across the globe.

More by Market Trends


by Market Trends December 6, 2022

Ankr protocol has swiftly patched the security vulnerability exploited by hackers earlier this week

Ankr, a decentralized finance (DeFi) protocol also popularly known as the first ‘node-as-a-service’ platform, has announced that it has restored security after suffering a hack on Dec 1st. The attackers stole an estimated $5 million worth of BNB across liquidity pools in various DEXes.

In the announcement, Ankr states that it has taken the necessary steps to compensate liquidity providers that were affected by the hack. It will purchase $5 million worth of BNB to use in paying out the compensation.

“Thanks to the fast actions from the Ankr team and various protocols, we were able to minimize any damage done extremely quickly. Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes; but we were well prepared. Unlike previous events in space this year, we are doing the right thing by our community and ensuring that this is taken care of immediately with lost funds restored”, says Chandler Song, Co-Founder & CEO, Ankr.

 

What happened?

It was hacked in the early hours of Friday, with the attacker leveraging the smart contract for the aBNBc token that allowed them to create an infinite amount of this token. This token represents a staked version of Binance’s BNB token that earns rewards on Ankr.

The aBNBb smart contract was safe from third-party minting prior to the attack, however, the attacker was able to obtain access to the deployer key. The attacker then uploaded a new aBNBb contract that included an extra method to mint without authorization checks. The attacker minted an excess of aBNBb out of thin air and rapidly moved to swap it out for other tokens on decentralized exchanges.

The address 0xf3a used the infinite mint bug in Ankr’s contract code to mint a total of 60 trillion aBNBc across 6 different transactions. The attacker was able to swap some for the stablecoin USDC and began moving them off of the Binance Smart Chain and onto Ethereum before the transactions were flagged. The Ankr team confirmed that it had been robbed of roughly $5 million in BNB. It also announced a proposal to make affected users whole by reissuing a new token called ankrBNB which would be distributed to pre-hack aBNBc holders.

 

What are the next steps for Ankr and Its users?

The Ankr team says it quickly identified the vulnerability and began flagging the attackers’ attempts to liquidate the assets via various exchanges, an action which it says helped limit damages to $5 million. No other liquid staking tokens or Ankr products were affected, while Ankr’s validators, RPC API, and AppChain services also continued to operate without any disruptions during the mishap.

Despite having fixed the security issues, Ankr is still taking more steps to ensure more robust and complete security. The protocol is discontinuing the current smart contracts of the aBNBc token and its sister token aBNBb.

New tokens will be minted and airdropped to all users of the current tokens. The announcement states that Ankr will use a snapshot to airdrop the newly released tokens to all valid aBNBc holders.

Meanwhile, it directs users and liquidity providers to follow certain guidelines to mitigate risks. These include not trading aBNBc or buying speculatively at a discount, removing liquidity from DEXes, and just waiting patiently if they were affected by the exploit as the snapshot will ensure compensation is received.

Share This Article

Do the sharing thingy

About Author

More info about author

Market Trends

Analytics Insight is an influential platform dedicated to insights, trends, and opinions from the world of data-driven technologies. It monitors developments, recognition, and achievements made by Artificial Intelligence, Big Data and Analytics companies across the globe.

More by Market Trends

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment