Binance Pauses Withdrawals Amid $5M Ankr ‘Infinite Mint’ Hack

Binance CEO Changpeng Zhao announced that the crypto exchange had paused withdrawals linked to a recent attack on Ankr.

“Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one,” wrote Zhao. “Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX.”

Ankr is a distributed node operator for proof-of-stake networks, letting users stake their tokens easily without having to buy the necessary hardware.

It was hacked in the early hours of Friday, with the attacker leveraging the smart contract for the aBNBc token that allowed them to create an infinite amount of this token. This token represents a staked version of Binance’s BNB token that earns rewards on Ankr. The token’s price has collapsed 99.5% since the attack, according to CoinGecko.

The number of tokens created is unclear, but some reports indicate that they were able to mint as much as 60 trillion aBNBc tokens.

They swapped many of these tokens for the stablecoin USDC and began moving them off of the Binance Smart Chain and onto Ethereum.

Ankr did not immediately respond to Decrypt‘s request for comment.

Ankr responds to attack

The Ankr team confirmed that it had been robbed of roughly $5 million in BNB. It also announced a proposal to make affected users whole by reissuing a new token called ankrBNB which would be distributed to pre-hack aBNBc holders.

Ankr would also buy $5 million in BNB tokens to compensate liquidity providers.

Today’s attack, though far from the largest, puts 2022 closer to becoming one of the most lucrative years for hackers. According to crypto sleuthing firm Chainalysis, more than $3 billion has already been stolen from various crypto protocols.

Last year, the total amount stolen was an all-time high of $3.2 billion.

Stay on top of crypto news, get daily updates in your inbox.

Source: https://decrypt.co/116268/binance-pauses-withdrawals-amid-5m-ankr-hack