Decentralized finance (DeFi) protocol Ankr, which calls itself the first “node-as-a-service” platform, has suffered a $5 million exploit over a bug in its code that allowed attackers to mint unlimited tokens.
According to security research firm PeckShield, the code behind the Ankr contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without verification.
An attacker took advantage of the code to mint six quadrillion of the aBNBc token, and swapped 20 trillion of those for BNB, which were then moved to Tornado Cash. The attacker then exchanged the BNB for USDC.
As the hacker drained the aBNBc liquidity pools on decentralized exchanges PancakeSwap and ApeSwap, the token lost nearly all of its value. Ankr noted that all staked assets within the protocol are currently safe.
An opportunistic trader used the exploit to turn 10 BNB into 15.5 million BUSD by taking advantage of a DeFi lending protocol that did not have up-to-date pricing on aBNBc.
Binance CEO Changpeng Zhao has revealed the exchange froze $3 million worth of crypto that the hackers sent to it.
- Bitcoin
- blockchain
- blockchain compliance
- blockchain conference
- coinbase
- coingenius
- Consensus
- crypto conference
- crypto mining
- CryptoCompare
- cryptocurrency
- Daily Crypto News
- decentralized
- DeFi
- Digital Assets
- ethereum
- machine learning
- non fungible token
- plato
- plato ai
- Plato Data Intelligence
- Platoblockchain
- PlatoData
- platogaming
- Polygon
- proof of stake
- W3
- zephyrnet
