How Attackers Made $15M From Staking Platform Helio After Ankr Exploit

An unknown group of attackers were able to drain some $15 million in liquidity from BNB Chain-based staking platform Helio on Friday morning after exploiting an oracle issue on the protocol, on-chain data shows.

Oracles are third-party services that fetch data from outside sources to within a certain blockchain. Oracles are extensively used by decentralized finance (DeFi) protocols to ensure their lending, borrowing and other services are accurate. Delays, however, could mean the loss of funds as malicious traders take advantage of price differences.

The Helio exploit came hours after the DeFi Ankr was attacked for $5 million. The Ankr attacker was able to mint 6 quadrillion aBNBc tokens, which they eventually turned into roughly 5 million USDC, as CoinDesk reported.

The Ankr exploit caused the prices of aBNBc tokens to plunge 99% in the minutes following the attack, setting the base for the second exploit on Helio. It is unclear at writing time if both the attacks were conducted by the same attacker or group of attackers.

Blockchain data shows that the Helio attacker acquired some 183,000 aBNBc tokens with 10 BNB during Asian morning hours on Friday. Delayed oracle data on Helio then allowed the attacker to borrow $16 million worth of HAY stablecoin.

The illicitly gained HAY was then swapped for 15 million Binance USD (BUSD), blockchain data cited by security firms BlockSec and PeckShield shows.

The HAY staking pool continues to hold some $19 million in locked funds, with developers stating in European afternoon hours that staked funds remained safe. Helio said in a separate tweet that it was working to mitigate the ongoing situation and asked users to avoid transacting in HAY.

Meanwhile, Binance froze some $3 million linked to the attack that were allegedly moved by the attackers to the exchange, founder Changpeng Zhao said in a Friday tweet.

Read more: DeFi Protocol Ankr to Reimburse Users Affected by $5M Exploit