Ankr, a web3 infrastructure project on BNB Chain, has suffered a significant exploit. Two hackers were able to make a fortune.

The first one sold an aBNBc "pack", thus clearing the liquidity pool on the Pancake Swap decentralized exchange. The income from the manipulation amounted to $5 million.

Following the aBNBc collapse, the second hacker bought 180K aBNBc for 10 BNB, exchanged them for Helio protocol hBNB, and used them as collateral to take a loan in the project's stablecoin. Then he exchanged $16 million units of this stable for BUSD, leaving his 10 BNB as collateral. In the end, the loss was $3K, and the profit was $16 million.

To explain the ANKR hack, let's recall the recent GALA token exploit on the BSC network. A month ago, a hacker attacked pNetwork, issued trillions of pGALA tokens, and successfully sold them on DEX exchanges. However, similar to aBNBc, that was not the hack's intention.

Due to disorganized platforms, the GALA entrance into the BSC network on some exchanges was open for 30–40 minutes following the attack. Ordinary users purchased a coin at a price 100 times below market, transferred it to CEX, and sold it. The Huobi exchange was the most affected, and it eventually accused pNetwork of purposely leaving a gap in the smart contract and delaying the announcement of the attack.

aBNBc from ANKR could be utilized in credit protocols that deemed the asset at "full value" for an additional hour. Besides, they could also be quickly exchanged through bridges for wrapped tokens like wBNB, hBNB, and stBNB before being sold for the market price of BNB. The deBridgeGate and Celer bridges were mainly involved. At the same time, some users stated that they could even exchange aBNBc for the original BNB, and sell them quickly.

The guys made a fortune in 20 minutes while remaining anonymous. In an official statement, ANKR claimed that only the pool on Pancake Swap and the Helio protocol were impacted. However, there were many more victims of the attack, and the loss could easily reach $60-80 million with decentralized exchanges alone.

A rumor quickly spread that the attack had been organized by the ANKR protocol itself, leaving the base contract's backdoor unlocked. And the fact that Tornado Cash and the anonymous protocol Zcash (ZEC) were used to "launder" the funds shows that the attacker had been preparing the hack for a long time. Additionally, ANKR declared that it would compensate all users affected by the initial attack, those who held aBNBc before the hack. It just costs $5 million.

These attacks will probably increase in frequency in the future. Therefore you should carefully review smart contracts and act quickly to close any vulnerabilities.

Ankr, a web3 infrastructure project on BNB Chain, has suffered a significant exploit. Two hackers were able to make a fortune.

The first one sold an aBNBc "pack", thus clearing the liquidity pool on the Pancake Swap decentralized exchange. The income from the manipulation amounted to $5 million.

Following the aBNBc collapse, the second hacker bought 180K aBNBc for 10 BNB, exchanged them for Helio protocol hBNB, and used them as collateral to take a loan in the project's stablecoin. Then he exchanged $16 million units of this stable for BUSD, leaving his 10 BNB as collateral. In the end, the loss was $3K, and the profit was $16 million.

To explain the ANKR hack, let's recall the recent GALA token exploit on the BSC network. A month ago, a hacker attacked pNetwork, issued trillions of pGALA tokens, and successfully sold them on DEX exchanges. However, similar to aBNBc, that was not the hack's intention.

Due to disorganized platforms, the GALA entrance into the BSC network on some exchanges was open for 30–40 minutes following the attack. Ordinary users purchased a coin at a price 100 times below market, transferred it to CEX, and sold it. The Huobi exchange was the most affected, and it eventually accused pNetwork of purposely leaving a gap in the smart contract and delaying the announcement of the attack.

aBNBc from ANKR could be utilized in credit protocols that deemed the asset at "full value" for an additional hour. Besides, they could also be quickly exchanged through bridges for wrapped tokens like wBNB, hBNB, and stBNB before being sold for the market price of BNB. The deBridgeGate and Celer bridges were mainly involved. At the same time, some users stated that they could even exchange aBNBc for the original BNB, and sell them quickly.

The guys made a fortune in 20 minutes while remaining anonymous. In an official statement, ANKR claimed that only the pool on Pancake Swap and the Helio protocol were impacted. However, there were many more victims of the attack, and the loss could easily reach $60-80 million with decentralized exchanges alone.

A rumor quickly spread that the attack had been organized by the ANKR protocol itself, leaving the base contract's backdoor unlocked. And the fact that Tornado Cash and the anonymous protocol Zcash (ZEC) were used to "launder" the funds shows that the attacker had been preparing the hack for a long time. Additionally, ANKR declared that it would compensate all users affected by the initial attack, those who held aBNBc before the hack. It just costs $5 million.

These attacks will probably increase in frequency in the future. Therefore you should carefully review smart contracts and act quickly to close any vulnerabilities.