Cointime

Download App
iOS & Android

Ankr: Will Use Reserves to Compensate Liquidity Providers for aBNBc Pools

Validated Project

Cointime staff: Ankr, a decentralized finance (DeFi) protocol on the BNB chain, has been hit with a $5 million exploit. A total of 10 trillion aBNBc was minted and later swapped by the attacker for 4,050,500 USDC and 5,000 BNB tokens.  Ankr announced that they will use reserves to compensate liquidity providers for the aBNBc pools.

The aBNBc Token Report: Security Updates Applied & Compensation for Affected LPs

Ankr identified a hack on Dec. 1st, in which malicious actors accessed the developer private key and altered the smart contract for our BNB liquid staking token (aBNBc). After internal research and assessment, we estimate the damage to be $5m worth of BNB across liquidity pools in various DEXes. Ankr has already restored security and will promptly compensate affected liquidity providers.

“Thanks to the fast actions from the Ankr team and various protocols, we were able to minimize any damage done extremely quickly. Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes – but we were well prepared. Unlike previous events in the space this year, we are doing the right thing by our community and ensuring that this is taken care of immediately with lost funds restored.”

– Chandler Song, Co-Founder & CEO, Ankr

What happened?

The exploiter was able to leverage the smart contract for the aBNBc token to create an infinite amount of this token and then exchange it for USDC. The aBNBc token represents a staked version of Binance's BNB token that earns rewards from validation efforts.

The aBNBb smart contract was safe from third-party minting prior to the attack, however, the attacker was able to obtain access to the deployer key. The attacker then uploaded a new aBNBb contract that included an extra method to mint without authorization checks. The attacker minted an excess of aBNBb out of thin air and rapidly moved to swap it out for other tokens on decentralized exchanges.

The address 0xf3a used the infinite mint bug in Ankr's contract code to mint a total of 60 trillion aBNBc across 6 different transactions. The attacker was able to swap some for the stablecoin USDC and began moving them off of the Binance Smart Chain and onto Ethereum before the transactions were flagged. The Ankr team confirmed that the losses incurred are in the region of $5 million in BNB. No other liquid staking tokens or Ankr products have been affected. Likewise, Ankr’s validators, RPC API, and AppChain services continue to operate without any disruptions.

As this occurred, Ankr simultaneously:

  1. Alerted known off-ramps to implement their emergency plans (minimum: halt trading)
  2. Secured the smart contracts with a new key to prevent any further tampering.
  3. Updated smart contracts and systems to temporarily pause the movement of the underlying collateral (BNB) to be safe.

What are the next steps for Ankr?

The team at Ankr is working hard to resolve this issue completely and efficiently. We have taken the necessary steps to offset the loss of funds and resolve the attack.

  • We are identifying all those who provided liquidity to DEXes and all protocols supporting aBNBc or aBNBb LP, as well as aBNBc collateral pools (Midas, Helio) and we will notify all affected parties.
  • Ankr will purchase $5 million worth of BNB and use this to compensate the liquidity providers that have been affected by the exploit due to the drainage of liquidity pools. We understand diluted aBNBc was speculatively traded after the exploit occurred, but we are only able to compensate LP’s caught off guard by the event.
  • We are discontinuing aBNBc and aBNBb tokens effective immediately, and new ankrBNB tokens will be minted and airdropped to affected aBNBc and aBNBb users.
  • We will use a snapshot and airdrop the newly-released ankrBNB tokens to all valid aBNBc holders before the snapshot. User collateral is safe with all of BNB collateral.

What should you do as a user?

To mitigate risks, Ankr is issuing the following guidelines for liquidity providers:

  1. Do not trade aBNBc or speculatively buy it at a discount.
  2. Remove liquidity from DEXes if you are a liquidity provider (and retain the aBNBc token).
  3. Our snapshot taken on Dec-02-2022 12:43:18 AM +UTC will identify you if you are an affected LP.
  4. Wait for the ankrBNB airdrop, which will be proportional to the amount of aBNBc and aBNBb that you held. ankrBNB will be redeemable against staked BNB.

This action plan allows the team at Ankr to more rapidly restore value to legitimate token holders while also accelerating the planned migration to an upgraded contract.

At this stage, all necessary precautions are being taken to promptly resolve the situation and restore lost capital. As mentioned, Ankr will purchase $5m worth of BNB to compensate previous liquidity providers that have been affected by the exploit due to the drainage of liquidity pools.

Ankr understands the concern this has created within the community and will continue working to mitigate the situation and prevent future similar incidents.

Please note that, at this time, all user funds and underlying staked assets are safe. All aBNB users will retain their positions from before, including staked LP Tokens in Farms and accumulation of rewards during that time for doing so.

Comments

All Comments

Recommended for you

  • Grayscale ETH Trust negative premium rate is 22.77%

    According to ChainCatcher news and Coinglass data, the Grayscale Bitcoin Trust Fund (GBTC) has a premium rate of 0.02%. The Grayscale ETH Trust has a negative premium rate of 22.77%, and the ETC Trust has a negative premium rate of 36.58%.In addition, the Grayscale BCH Trust has a premium rate of 238.13%, the LTC Trust has a premium rate of 380.60%, the SOL Trust has a premium rate of 515.93%, the MANA Trust has a premium rate of 726.65%, the LINK Trust has a premium rate of 713.66%, and the FIL Trust has a premium rate of 3057.89%.

  • Net inflows into spot Bitcoin ETFs reached $179 million on March 28

    Spot on Chain, a blockchain data monitoring platform, posted on social media that the net inflow of spot bitcoin ETF on March 28th reached 179 million US dollars, a decrease of 26.9% compared to the previous trading day. After 54 trading days, the total net inflow accumulated to 12.13 billion US dollars, which is the level before the last fully negative trading week. BlackRock's iShares Bitcoin ETF (IBIT) and Grayscale's GBTC both saw a significant slowdown in daily inflows and outflows on March 28th.

  • Bitcoin spot ETF had a total net inflow of US$179 million yesterday, and the ETF net asset ratio reached 4.25%

    According to SoSoValue data, the Bitcoin spot ETF had a total net inflow of $179 million yesterday (March 28th, US Eastern Time).Yesterday, Grayscale's ETF GBTC had a net outflow of $104 million, and its historical net outflow is $14.77 billion. The Bitcoin spot ETF with the highest net inflow yesterday was BlackRock's ETF IBIT, with a net inflow of approximately $95.12 million, and its historical total net inflow has reached $13.96 billion. The second is Fidelity's ETF FBTC, with a net inflow of approximately $68.09 million yesterday, and its historical total net inflow has reached $7.56 billion.As of now, the total net asset value of Bitcoin spot ETF is $59.1 billion, and the ETF net asset ratio (market value compared to the total market value of Bitcoin) is 4.25%, with a historical total net inflow of $12.12 billion.

  • Ethereum Inscription ETHS rose over 95% in 24H

    CoinGecko data shows that Ethereum Inscription ETHS has risen by 95.9% in the last 24 hours, now reporting at 7.51 USDT. Earlier, Ethereum founder Vitalik released the latest long article "Ethereum has blobs. Where do we go from here?". As a result of this news, the price of Ethereum Inscription ETHS soared.

  • Binance exec sues Nigeria’s National Security Agency over detention

    According to CoinGape, Tigran Gambaryan, a detained executive of Binance, has filed a lawsuit against the National Security Adviser (NSA) and the Economic and Financial Crimes Commission (EFCC) in Nigeria. Local media reported that on March 28th, Tigran Gambaryan sued the National Security Agency, accusing it of violating his basic human rights and seeking five major remedies from the court.He urged the court to approve the return of his passport and to release him immediately after more than three weeks of detention. He also requested a ban on future detention in similar investigations and demanded public apologies from the National Security Agency and the EFCC.In addition, he requested that the court pay the full amount of compensation for the lawsuit.

  • Vitalik: As L2 transaction costs decrease, there’s no reason why Ethereum can’t be widely adopted

    After the upgrade and introduction of blobs on Ethereum Dencun, Ethereum founder Vitalik Buterin shared his insights on the future direction of Ethereum's expansion. Vitalik emphasized the transformation of Ethereum's expansion from basic expansion work to centralized, progressive enhancement. Vitalik also stated that developers' focus will shift to the application layer. Ethereum will maintain its roadmap centered on L2, and applications will migrate from L1 to L2 to benefit from faster and more cost-effective transactions. An upcoming upgrade is Data Availability Sampling (DAS), which aims to increase the data space for each slot to 16 MB. Progressive expansion improvements include gradually increasing blob capacity, improving data compression, and EIP-7623 (aimed at reducing maximum block size). Vitalik pointed out that with the reduction of L2 transaction costs, there is no reason why Ethereum should not be widely adopted.

  • RWA project Midas completes US$8.75 million in seed round financing

    According to Jinse Finance, RWA project Midas has completed a seed round of financing worth $8.75 million, led by BlockTower, Framework, and HV Capital, with participation from institutions such as Coinbase Ventures, Ledger, GSR, Hack VC, Axelar, and FJ Labs.

  • Two Different Sentences for FTX Founder Sam Bankman-Fried: 25 Years and $11 Billion vs. 16 Months and $8 Billion Losses

    The founder of FTX, Sam Bankman-Fried, has been sentenced to 16 months in prison and charged with eight criminal counts, including money laundering and conspiracy. He was involved in a scheme that caused customers to lose $8 billion and allegedly diverted customer funds to Alameda. Bankman-Fried's lawyers had requested a lighter sentence, but the judge rejected their argument that the collapsed company had vowed to return money to its customers. Prosecutors had sought up to 50 years in prison for Bankman-Fried.

  • SBF ordered to forfeit more than $11 billion

    SBF has been ordered to confiscate more than 11 billion US dollars. SBF has now been sentenced to 25 years in prison.

  • Former CEO of FTX and Alameda Research Sentenced to 25 Years in Prison for Fraud and Money Laundering

    Sam Bankman-Fried, the co-founder and former CEO of FTX and Alameda Research, has been sentenced to 25 years in prison for fraud and money laundering. The judge criticized Bankman-Fried's behavior during the trial and deemed a 25-year sentence to be sufficient. Bankman-Fried's sentence may send a message to the crypto industry and there is no possibility of parole, but he may earn "good time" credit for good behavior while incarcerated. Bankman-Fried was found to have misused over $8 billion in customer funds and will be serving time in prison for his actions. The trial emphasized the importance of not using customers' funds without their knowledge or approval.