DeFi Protocol Ankr Says Ex-Employee Caused $5M Exploit

The company is working with law enforcement to prosecute the attacker.

AccessTimeIconDec 21, 2022 at 3:56 p.m. UTC
Updated May 9, 2023 at 4:04 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A former employee of decentralized finance (DeFi) protocol Ankr maliciously caused a $5 million exploit earlier this month, according to a statement published on Ankr's website.

The ex-employee inserted a malicious code package to conduct a supply chain attack, which allowed a user to mint 6 quadrillion aBNBc tokens, the company said. The attacker then converted those minted tokens for Binance Coin (BNB) before sending the ill-gotten gains to crypto mixer Tornado Cash. They eventually managed to swap the BNB tokens for 5 million USDC.

  • How Spool Is Aiming to Help Institutions Enter DeFi
    11:05
    How Spool Is Aiming to Help Institutions Enter DeFi
  • How a New Tax Proposal From the IRS Could Impact DeFi
    00:46
    How a New Tax Proposal From the IRS Could Impact DeFi
  • Curve Finance’s Stablecoin Maintains Peg as Others Struggle: Kaiko
    01:27
    Curve Finance’s Stablecoin Maintains Peg as Others Struggle: Kaiko
  • DeFi's Total Value Locked Slumps to Lowest Level Since February 2021: Data
    03:20
    DeFi's Total Value Locked Slumps to Lowest Level Since February 2021: Data
  • "We are in the process of working with law enforcement to prosecute the former team member and bring them to justice," Ankr said in the statement.

    Following the exploit, Ankr reimbursed impacted aBNBc or aBNBb token holders by airdropping ankrBNB and also airdropped BNB to all affected DeFi liquidity providers.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Oliver Knight

    Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


    Read more about