The BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit on Dec. 1.
The attacker was purportedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB (BNB) staked on the protocol. The exploiter has since used services such as Uniswap, Tornado Cash, and various bridges to swap and obfuscate the funds and has successfully gained around 5 million USD Coin (USDC)
Seems that @ankr got hacked an hour ago!
The exploiter minted 20T aBNBc and dumped it on #PancakeSwap.
— Lookonchain (@lookonchain) December 2, 2022
It’s believed either a vulnerability in the protocol’s smart contract or a compromise of private keys is to blame for the exploit.
Ankr only made a quick statement on its Twitter page that its “aBNB token has been exploited” and that it is currently working with exchanges to immediately halt trading of the compromised token.
Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.
— Ankr (@ankr) December 2, 2022
Cointelegraph contacted Ankr but did not receive an immediate response.
This is a developing story and more information will be added as it becomes available.