Ankr Confirms Its Exploit Was Inside Job, Shares Recovery Plan


article image

Vladislav Sopov

Blockchain RPC provider Ankr unveiled final post-mortem of its Dec. 1 attack

Contents

On Dec. 1, 2022, blockchain RPC provider Ankr was attacked: someone managed to access the keypair of the team and manipulated the price of aBNBc stakers’ token. Here’s what the team knows so far and how it plans to recover from the attack.

Here’s how Ankr mitigated attack

According to the After Action Report: Our Findings From the aBNBc Token Exploit statement by the Ankr team, the attack on its aBNBc token was initiated by a former team member.

The attacker injected a malicious code to compromise Ankr’s private key once a legitimate update was made. The team claims that it is collaborating with law enforcement agencies and will bring the attacker to justice.

Ankr engineers immediately alerted all on- and off-ramps about the emergency measures and updated the smart contracts to ensure that no further tampering could happen. Then, the team found all affected users and airdropped a purpose-made ankrBNB compensation token to them.

Compensation ankrBNB was transferred to affected aBNBc or aBNBb token holders. Also, the team fixed the damage to Helio staking platform and stabilized the price of HAY token. A further reimbursement program was announced for the worst sufferers of the attack.

Ankr announces massive improvement plan

To prevent such attacks from happening again, Ankr is going to deploy and activate a number of improvements. First and foremost, the procedure of the protocol update will be improved: the team will employ multi-sig authorization and timestamp for all upgrades activated in mainnet.

The Ankr team is also creating a new internal security measures protocol: all access rights will be reviewed for those working with Ankr. Also, Ankr representatives will implement new monitoring and notifications systems for its clients and community.

Finally, the team is going to reconsider the standards of interaction between Ankr and third-party DeFi protocols.

As covered by U.Today previously, Ankr exploiter managed to steal and withdraw over $5 million in Binance Coin (BNB) equivalent thanks to manipulations of the prices of assets in Ankr’s staking ecosystem.

Source: https://u.today/ankr-confirms-its-exploit-was-inside-job-shares-recovery-plan