Ankr Admits $5M Crypto Hack Was Inside Job

The $5 million that was stolen from the platform of crypto startup Ankr earlier this month was allegedly orchestrated by a former employee. On December 2nd, a malicious hacker breached the smart contract for the aBNBc token used in Ankr's staking rewards program. By exploiting a loophole in the token's code, they could deploy it to the Binance-branded BNB Chain and mint as many tokens as they wanted. In a blog post on Tuesday, the decentralized finance protocol claimed that an ex-member of the team was responsible for the hack. The person's identity was concealed, and a name was not mentioned.

“A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made,” Ankr said.

After on-chain detective work had linked suspicious transactions to an Ankr deployer, the crypto intelligence firm Arkham had suspected an inside job.

Ankr added: “Unfortunately, bad internal actors can affect any protocol, and we are working on shoring up internal HR processes and safety measures to strengthen our security posture going forward.”

The team and law enforcement are investigating whether or not to press charges against the departing member. Ankr previously explained that the attacker "minted an excess of aBNBc out of thin air by uploading a new contract that allowed minting without authorization checks." They then proceeded to trade it on decentralized exchanges for other tokens. The attacker created a total of 60 trillion aBNBc through six separate transactions. Some were converted to USDC, and the stablecoins were bridged to Ethereum and put through the crypto washer Tornado Cash.

Helio, a staking platform, was hacked not long after the Ankr hack, and despite the aBNBc token price dropping from $303 to $1.54, Helio still displayed the old price for the token. Affected Ankr tokens were used as collateral to secure a $16 million loan of the native stablecoin HAY. According to blockchain analysis firm BlockSec, the thieves exchanged the money for $15 million in BinanceUSD (BUSD) before sending it to Binance.

Later, Ankr implemented a community recovery plan, which included paying damages to the exploit's victims among the platform's liquidity providers, lenders, and other users. The group also stabilized HAY after the stablecoin depegged, though the token is still trading for less than its original $1.00 value. Whatever the case, Ankr believes multi-sig authentication for updates will prevent future attacks of this nature. The group is also conducting employee background checks and reviewing permission levels.