Binance, the largest crypto exchange by trading volume, paused withdrawals following an exploit on the crypto node project Ankr.
Binance's Chief Executive officer, Changpeng Zhao(CZ), tweeted today, ''Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one." «Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX,» he added.
Ankr is a DeFi staking and web platform allowing users to stake and build in the blockchain ecosystem easily and affordably.As confirmed by the Ankr team, the hackers carted away an estimated $5 million equivalent in BNB, which is the native token of Binance.
The exploit was possible because the attackers minted an infinite amount of aBNBc tokens by leveraging the token’s smart contract. These tokens are the staked version of Binance's BNB token, which earns rewards on Ankr.
After minting quadrillions of aBNBc tokens, the attacker swapped 20 trillion for BNB, then moved them to crypto mixer Tornado Cash, which enables users to break links in on-chain transactions and hide the sender's identity. The attacker then swapped the BNB tokens for 5 million USDC and began moving them off the Binance chain to Ethereum. Following the news, Ankr's price fell by 99.5% to $1.51.
Ankr is reimbursing users impacted by a $5 million exploit on its platform. «We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankr BNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable,» Ankr tweeted.
Even though Binance's loss was relatively small, it was the crypto exchange's second hack in two months. The whole year of 2022 was vulnerable to crypto
Read more on investopedia.com