Overview

Decentralized finance (DeFi) protocol Ankr has lost millions after a hacker minted and dumped 4-quadrillion (4,000 trillion) aBNBc tokens. The cryptos were worth over $5 million. Let that sink in.

The science and other stuff to know

Smart contracts on DeFi platforms use open-source code, providing a publicly viewable map of the software. This enables hackers to orchestrate attacks on their digital infrastructure, stealing millions. For instance, in 2022 alone, hackers have stolen over $3 billion in cryptos from DeFi projects, according to the crypto tracking firm Chainalysis.

And the most recent hacks on smart contracts saw one hacker mint and dump well over 4 quadrillion aBNBc tokens, worth over $5 million. The user tweaked a smart contract’s code and exploited a bug that allowed the scammer to mint an unlimited amount of Ankr’s main token, according to crypto security analytics firm PeckShield.

This hack practically drained all the aBNBc liquidity out of Ankre, according to CoinDesk. As a result, the coin lost more than 99 percent of its value at the time.

Our analysis shows the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with onlyMinter modifier, there is another function (w/ 0x3b3a5522 func. signature) that completely bypasses the caller verification to have arbitrary mint !!! https://t.co/h51e7xpcVf pic.twitter.com/caRgasNNHq

— PeckShield Inc. (@peckshield) December 2, 2022

So what?

Hackers have exploited the crypto industry for years, raiding the exchanges where investors buy and sell currencies and stealing cryptos from online wallets. However, the rapid hacks on DeFi software have given rise to a new type of threat that has seen crypto firms lose billions. This puts the future of the crypto industry on the edge as more crypto exchanges file for bankruptcy.

What’s next?

The 4 quadrillion crypto tokens hacker wasn’t the only one to benefit from the exploit. Another user exploited the DeFi system and bought 183,885 aBNBc with just 10 BNB, turning what was just $2,879 into $15.5 million worth of BUSD. The trader did this by taking advantage of DeFi lending protocol Helio, which didn’t have up-to-date pricing on aBNBc post-crash.

Ankr stated it will reimburse the users impacted by the exploit that occurred on its platform earlier Friday.
“We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable,” Ankr stated in a tweet following the exploit.

The suspected attack comes at a time when the digital asset market is dealing with the financial fallout from the collapse of crypto exchange FTX. It certainly seems like the crypto industry can’t catch a break this year.