Binance Pauses Withdrawals Amid $5M Ankr 'Infinite Mint' Hack

Binance CEO Changpeng Zhao announced that the crypto exchange had paused withdrawals linked to a recent attack on Ankr.

“Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one,” wrote Zhao. “Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX.”

Ankr is a distributed node operator for proof-of-stake networks, letting users stake their tokens easily without having to buy the necessary hardware.

Possible hacks on Ankr and Hay. Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one. Binance paused withdrawals a few hrs ago. Also froze about $3m that hackers move to our CEX.
— CZ 🔶 Binance (@cz_binance) December 2, 2022

It was hacked in the early hours of Friday, with the attacker leveraging the smart contract for the aBNBc token that allowed them to create an infinite amount of this token. This token represents a staked version of Binance’s BNB token that earns rewards on Ankr. The token’s price has collapsed 99.5% since the attack, according to CoinGecko.

The number of tokens created is unclear, but some reports indicate that they were able to mint as much as 60 trillion aBNBc tokens.

The attacker swiftly began to bridge USDC off BSC, moving to Ethereum chain initially using deBridge, and also sending 900 BNB to Tornado Cash.
Later switching to using cBridge, the attacker continued to sell into the pool, collecting USDC relentlessly. https://t.co/WFbngQD1yQ pic.twitter.com/u7jcLlJ92F
— Arkham | Crypto Intelligence (@ArkhamIntel) December 2, 2022

They swapped many of these tokens for the stablecoin USDC and began moving them off of the Binance Smart Chain and onto Ethereum.

Ankr did not immediately respond to Decrypt‘s request for comment.

Ankr responds to attack

The Ankr team confirmed that it had been robbed of roughly $5 million in BNB. It also announced a proposal to make affected users whole by reissuing a new token called ankrBNB which would be distributed to pre-hack aBNBc holders.

3/ Additionally, Ankr will purchase 5m worth of BNB and use this to compensate in totality the liquidity providers that have been affected by the exploit due to the drainage of the liquidity pool.
— Ankr (@ankr) December 2, 2022

Ankr would also buy $5 million in BNB tokens to compensate liquidity providers.

Today’s attack, though far from the largest, puts 2022 closer to becoming one of the most lucrative years for hackers. According to crypto sleuthing firm Chainalysis, more than $3 billion has already been stolen from various crypto protocols.

Last year, the total amount stolen was an all-time high of $3.2 billion.

Stay on top of crypto news, get daily updates in your inbox.

Source: https://decrypt.co/116268/binance-pauses-withdrawals-amid-5m-ankr-hack