How Attackers Made $15M From Staking Platform Helio After Ankr Exploit

A delay in updating price data on BNB-related derivative tokens allowed some exploiters to piggyback off a previous attack.

AccessTimeIconDec 2, 2022 at 1:25 p.m. UTC
Updated Dec 2, 2022 at 3:39 p.m. UTC
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

An unknown group of attackers were able to drain some $15 million in liquidity from BNB Chain-based staking platform Helio on Friday morning after exploiting an oracle issue on the protocol, on-chain data shows.

CoinDesk - Unknown

HAY's staking pools continue to hold some $19 million in liquidity. (Helio)

Oracles are third-party services that fetch data from outside sources to within a certain blockchain. Oracles are extensively used by decentralized finance (DeFi) protocols to ensure their lending, borrowing and other services are accurate. Delays, however, could mean the loss of funds as malicious traders take advantage of price differences.

The Helio exploit came hours after the DeFi Ankr was attacked for $5 million. The Ankr attacker was able to mint 6 quadrillion aBNBc tokens, which they eventually turned into roughly 5 million USDC, as CoinDesk reported.

The Ankr exploit caused the prices of aBNBc tokens to plunge 99% in the minutes following the attack, setting the base for the second exploit on Helio. It is unclear at writing time if both the attacks were conducted by the same attacker or group of attackers.

Blockchain data shows that the Helio attacker acquired some 183,000 aBNBc tokens with 10 BNB during Asian morning hours on Friday. Delayed oracle data on Helio then allowed the attacker to borrow $16 million worth of HAY stablecoin.

The illicitly gained HAY was then swapped for 15 million Binance USD (BUSD), blockchain data cited by security firms BlockSec and PeckShield shows.

The HAY staking pool continues to hold some $19 million in locked funds, with developers stating in European afternoon hours that staked funds remained safe. Helio said in a separate tweet that it was working to mitigate the ongoing situation and asked users to avoid transacting in HAY.

Meanwhile, Binance froze some $3 million linked to the attack that were allegedly moved by the attackers to the exchange, founder Changpeng Zhao said in a Friday tweet.


Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.


Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.