Ankr hack: $5 million stolen by employee

He walked out the door and took the safe with him. After suffering a $5 million hack on December 1, Ankr looks back at this act by a former employee and explains how and why it happened.

When the Ankr employee leaves with the cash register

20 trillion BNB: that is the number of tokens that were illegally minted on the protocol. In the form of aBNBc (BNB Ankr Reward Bearing Staked), these mass-produced tokens were immediately traded for $5 million in USDC.

Ankr returns to this hack in a post on its blog, explaining that the flaw that allowed these tokens to be created was injected into the code intentionally.

Piracy

In its statement, the protocol explains that the flaw is now under control and that its team has fully restored security.

« The exploit was possible in part because there was a single point of failure in our developer key. We will now implement multi-signature authentication for updates that will require approval from all key custodians during limited time intervals, which will make a future attack of this type extremely difficult, if not impossible. These features will improve the security of the new ankrBNB contract and all Ankr tokens. »

The culprit behind this hack is therefore a former Ankr employee who inserted malicious code before leaving the company. With these few lines, he was able to recover the private key that allowed him to mint an unlimited number of tokens. The investigation is still ongoing, and Ankr is working hand in hand with law enforcement to prosecute this ex-employee.
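
The update policy Ankr describes in the statement above (every key custodian must approve, within a limited time window) can be modeled as follows. This is an added Python example, not Ankr's code; the `UpgradeGate` class, the custodian names and the one-hour window are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class UpgradeGate:
    """Hypothetical N-of-N approval gate for contract updates (illustrative model)."""
    custodians: frozenset          # every listed custodian must approve
    window_seconds: int            # approvals only count inside this window
    proposals: dict = field(default_factory=dict)

    def propose(self, proposer: str, code: bytes, now: int) -> str:
        if proposer not in self.custodians:
            raise PermissionError("proposer is not a key custodian")
        # Approvals are bound to the hash of the exact code being deployed.
        digest = hashlib.sha256(code).hexdigest()
        self.proposals[digest] = {"opened": now, "approvals": {proposer}}
        return digest

    def approve(self, custodian: str, digest: str, now: int) -> None:
        proposal = self.proposals[digest]
        if custodian not in self.custodians:
            raise PermissionError("approver is not a key custodian")
        if now > proposal["opened"] + self.window_seconds:
            raise TimeoutError("approval window has closed")
        proposal["approvals"].add(custodian)

    def can_execute(self, digest: str, code: bytes, now: int) -> bool:
        proposal = self.proposals.get(digest)
        if proposal is None:
            return False
        in_window = now <= proposal["opened"] + self.window_seconds
        unchanged = hashlib.sha256(code).hexdigest() == digest
        unanimous = proposal["approvals"] == self.custodians
        return in_window and unchanged and unanimous


def demo() -> dict:
    # Constructed scenario: three custodians, one-hour window, times in seconds.
    gate = UpgradeGate(frozenset({"alice", "bob", "carol"}), 3600)
    code = b"new ankrBNB implementation (placeholder bytes)"
    digest = gate.propose("alice", code, now=1000)
    single_key = gate.can_execute(digest, code, now=1100)   # one key alone
    gate.approve("bob", digest, now=1500)
    gate.approve("carol", digest, now=2000)
    return {
        "single_key": single_key,
        "all_keys": gate.can_execute(digest, code, now=2500),
        "swapped_code": gate.can_execute(digest, code + b"!", now=2500),
        "after_window": gate.can_execute(digest, code, now=5000),
    }
```

Binding approvals to the code hash means a custodian cannot swap in different code after the others have signed off, and a single developer key can no longer push an update on its own.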


Review recruitment and reimburse users

Ankr also announces that it is reviewing its HR processes in order to better select its employees.

« Ankr is also committed to improving human resource practices. It will require “intensified” background checks for all employees, even those working remotely. It will also review access rights to ensure that sensitive data is only accessible to workers who need it. The company will also implement new notification systems to alert the team more quickly in the event of a problem. »

After securing the protocol, one of the first steps taken was to repair the damage caused by the domino effect, in particular to the Helio platform. More than $15 million is said to have been spent to allow the HAY token (a stablecoin) to regain its peg.

Regarding its users, the protocol announces that it plans to reissue the aBNBb and aBNBc tokens. $5 million of equity will be committed to guarantee the value of these tokens, which will be distributed to the people who were defrauded. A repayment plan is being put in place.

Hacks are unfortunately part of life for decentralized protocols, and each time the losses are catastrophic. But this kind of hack hurts even more when it is orchestrated from the inside, by someone you trust.
Always be very careful, and never give out too much information about the state of your wallets or your cryptocurrencies, even to people close to you. Caution is paramount when money is at stake.
