Ankr, a decentralized finance (DeFi) protocol on the BNB chain, has been hit with a $5 million exploit.
The hack occurred earlier Friday morning after the attacker took advantage of an unlimited mint bug in the aBNBc token smart contract, a bug that the attacker reportedly engineered.
A total of 10 trillion aBNBc was minted and later swapped by the attacker for 4,050,500 USDC and 5,000 BNB tokens. All USDC was then moved from the Binance Smart Chain onto Ethereum and funneled through crypto mixer Tornado Cash.
Binance CEO Changpeng Zhao said his exchange would be freezing withdrawals related to the recent hack.
“Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one,” Zhao tweeted. “Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX.”
Liquidity pools of aBNBc on PancakeSwap and ApeSwap have almost been completely drained by the hack, and as a result, the price of aBNBc has dipped by 99.5% over the past 24 hours — the price of Ankr’s native cryptocurrency, ANKR, has also been affected, dropping by 2.5% in the past day.
Ankr’s team is actively looking at resolving its smart contract issues and will be reimbursing users affected by the hack.
“Ankr will purchase 5m worth of BNB and use this to compensate in totality the liquidity providers that have been affected by the exploit due to the drainage of the liquidity pool,” the company tweeted.
Adding, “the ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable.”
The Ankr team put out a damage assessment Friday afternoon ET, detailing the next steps for holders of the affected tokens.
Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.
Blockworks: News and insights about digital assets.