$25 million stolen in yet another crypto hack

Ankr and Helio hacked

Ankr, a decentralized finance (DeFi) protocol based on the BNB Chain, has confirmed it has been the victim of a multi-million dollar exploit. Nothing new under the sun in 2022, where billions of dollars are lost due to hacks. What actually happened?

Related article: How have Lionel Messi and Argentina affected crypto markets?

Early on Friday, CZ, the CEO of Binance, reported there was a possible hack on Ankr and HAY. Ankr allegedly lost approximately $5 million in this exploit, while Helio Protocol (HAY) lost up to $20 million. However, he said, Binance managed to pause withdrawals and freeze $3 million that the hacker moved to their crypto exchange.

Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.

— CZ 🔶 Binance (@cz_binance) December 2, 2022

Ankr confirmed this event on Twitter later on. About an hour after the attack began, the crypto company tweeted that the aBNB token had been compromised and that it was working with exchanges to immediately halt trading of the token. 

The attacker created 20 trillion (some claim even more) Ankr Reward Bearing Staked BNB (aBNBc), a token that can be staked for rewards in BNB. 

Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading.

— Ankr (@ankr) December 2, 2022

After minting these tokens, the attacker quickly sold them on BNB Chain’s decentralized exchanges, draining the liquidity of more than $5 million. As the hacker dumped a large quantity of aBNBc onto decentralized exchanges, the token’s price plummeted by more than 99%. After he was done with that, the stage was set for the second exploit.

BlockSec discovered that someone else had purchased 183,000 aBNBc tokens for 10 Binance Coins (BNB). The hacker then transferred the tokens to Helio Protocol, a stablecoin issuer that relies on the BNB Chain. 

Also read: More than 215 million people can officially pay with crypto

Since Helio Money’s oracle system didn’t update aBNBc prices after its rapid crash, the attacker was able to borrow $16 million in the HAY stablecoin using only a small amount of aBNBc as collateral. A huge amount of the protocol’s value was lost when an attacker traded $15 million in Binance USD (BUSD) for HAY. 

HAY token chart, source: coinmarketcap.com

Bottom line

Binance is fully aware of the issue and is working on it, as shown in the tweet. However, the issue with cryptocurrencies stays the same. If crypto proponents want naysayers to see that this technology is worth it, it needs to improve rapidly. 

We are aware of the attack on @ankr's aBNBc that happened earlier today, leading to a substantial amount of new aBNBc being minted. The exploiter has been blacklisted.
Our community is on top of it, coordinating a response. We will provide more updates as they become available.

— BNB Chain (@BNBCHAIN) December 2, 2022

The largest crypto exchanges must stop collapsing, hacks must be reduced, and more utilities must be found for crypto to be seen as beneficial for society.