---

Key points: 

• Ankr has confirmed that aBNB token had been exploited.
• The attackers minted 20 trillion aBNBc. 
• The attackers used Uniswap, Tornado Cash, and various bridges to swap and obfuscate funds for an estimated $5 million worth of USD.
• Massive minting caused the price of aBNBc to drop 99.5 percent from $303.89 to $1.53 in a matter of hours. 
• Binance is working to further investigate the matter, adding that Binance’s user funds are not at risk.

---

Ankr, a decentralized finance (DeFi) protocol based on the BNB chain, has confirmed that it was hit with a multi-million dollar attack on Dec. 2.

The attack appears to have been first spotted by on-chain security analyst PeckShield around 00:35 UTC on December 2.

Within an hour of the attack, Ankr confirmed on Twitter that the aBNB token had been exploited and that they were working with the exchange to immediately stop trading the infected token.

The attackers were allegedly able to mint 20 trillion Ankr Reward Bearing Stacked BNB (aBNBc), a BNB reward-bearing token staked on the protocol.

The attackers have since used services such as Uniswap, Tornado Cash, and various bridges to swap and obfuscate funds for an estimated $5 million worth of USD token receipts, according to a Twitter post from on-chain analytics firm Lookonchain.

A subsequent post also added that "all underlying assets on Ankr Staking are currently safe and all infrastructure services are unaffected".

In a comment on the attack, blockchain security firm Beosin said the exploit could be the result of a vulnerability in the smart contract code combined with a leaked private key, which may have stemmed from a technique by the Ankr team about 12 hours ago. 

Beosin also noted that the massive minting caused the price of aBNBc to drop 99.5 percent from $303.89 to $1.53 in a matter of hours, according to CoinMarketCap.

A Beosin spokesperson told: “It is possible that the deployer’s private key was exposed in this upgrade, leading to an attacker using deployer privileges to modify the contract."

In a Twitter post on Dec. 2, cryptocurrency exchange Binance confirmed that its team is working with interested parties to further investigate the matter, adding that Binance’s user funds are not at risk. The Twitter page for the BNB chain also stated that the wallet address of the exploiter had been blacklisted.

We are aware of the attack on @ankr's aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted.
Our community is on top of it, coordinating a response. We will provide more updates as they become available.

— BNB Chain (@BNBCHAIN) December 2, 2022