A $5 million hack of Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team.

The ex-employee conducted a “supply chain attack” by putting malicious code into a package of future updates to the team’s internal software. Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team’s deployer key from the company’s server.

Previously, the team had announced that the exploit was caused by a stolen deployer key that had been used to upgrade the protocol’s smart contracts. But at the time, they had not explained how the deployer key had been stolen.

Ankr has alerted local authorities, and is attempting to have the attacker brought to justice. It is also attempting to shore up its security practices to protect access to its keys in the future.

(by Tom Blackstone)