Blockchain RPC provider Ankr unveiled final post-mortem of its Dec. 1 attack
On Dec. 1, 2022, blockchain RPC provider Ankr was attacked: someone gained access to the team's keypair and manipulated the price of the stakers' aBNBc token. Here's what the team knows so far and how it plans to recover from the attack.
Here's how Ankr mitigated the attack
According to the Ankr team's statement, "After Action Report: Our Findings From the aBNBc Token Exploit," the attack on its aBNBc token was initiated by a former team member.
Over a week has passed since aBNBc was exploited.
Since then we have been working non-stop to recover from the incident. As a team, we’ve accomplished multiple things so far.
Blog article: https://t.co/KoJdk4Mrha.
— Ankr (@ankr) December 14, 2022
The attacker injected malicious code that compromised Ankr's private key once a legitimate update was made. The team claims that it is collaborating with law enforcement agencies and will bring the attacker to justice.
Ankr engineers immediately alerted all on- and off-ramps about the emergency measures and updated the smart contracts to ensure that no further tampering could happen. Then, the team found all affected users and airdropped a purpose-made ankrBNB compensation token to them.
The compensation ankrBNB was transferred to affected aBNBc or aBNBb token holders. The team also repaired the damage to the Helio staking platform and stabilized the price of the HAY token. A further reimbursement program was announced for those hit hardest by the attack.
Ankr announces massive improvement plan
To prevent such attacks from happening again, Ankr is going to deploy and activate a number of improvements. First and foremost, the protocol update procedure will be improved: the team will employ multi-sig authorization and timestamp for all upgrades activated on mainnet.
The Ankr team is also creating a new protocol of internal security measures: all access rights will be reviewed for those working with Ankr. Ankr representatives will also implement new monitoring and notification systems for its clients and community.
Finally, the team is going to reconsider the standards of interaction between Ankr and third-party DeFi protocols.
As covered by U.Today previously, the Ankr exploiter managed to steal and withdraw over $5 million in Binance Coin (BNB) equivalent by manipulating the prices of assets in Ankr's staking ecosystem.
Source: https://u.today/ankr-confirms-its-exploit-was-inside-job-shares-recovery-plan