DeFi Protocol Ankr Says Ex-Employee Caused $5M Exploit

A former employee of decentralized finance (DeFi) protocol Ankr maliciously caused a $5 million exploit earlier this month, according to a statement published on Ankr's website.

The ex-employee inserted a malicious code package to conduct a supply chain attack, which allowed a user to mint 6 quadrillion aBNBc tokens, the company said. The attacker then converted those minted tokens for Binance Coin (BNB) before sending the ill-gotten gains to crypto mixer Tornado Cash. They eventually managed to swap the BNB tokens for 5 million USDC.

"We are in the process of working with law enforcement to prosecute the former team member and bring them to justice," Ankr said in the statement.

Following the exploit, Ankr reimbursed impacted aBNBc or aBNBb token holders by airdropping ankrBNB and also airdropped BNB to all affected DeFi liquidity providers.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.