Web3 infrastructure provider Ankr has provided insight into the circumstance that led to exploiting its aBNBc tokens.
The protocol revealed in a recent blog post that it had identified a former team member as an architect of the security breach as he placed malicious code in their programs.
"A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made," Ankr said.
Recall that in early December, the BNB Chain-based decentralized finance protocol suffered a $5 million exploitation on its network. Blockchain security firm, Peckshield first raised the alarm of the exploitation.
The exploiter minted 20 trillion Ankr reward-bearing staked BNB (aBNBc). Later, in a Twitter post, Lookonchain, an on-chain analysis firm, confirmed the exploitation, maintaining that the exploiter dumped the minted 20 trillion aBNBc on PancakeSwap. Afterward, the exploiter reportedly exchanged the funds for more than $5 million worth of USD coins on Uniswap, Tornado Cash, and others.
The Ankr team has been investigating the incident, which led it to its former team member.
Ankr Working With Security Agents to Prosecute ex-team Member
The protocol further stated that it has started working with law enforcement to prosecute the former team member. More so, Ankr promised to shore up its internal HR processes and safety measures to strengthen the network’s security. As part of its security plans, the firm has committed to working on the following aspects:
- Integrating multisig authentication and timelocks for updates
- Enhancing internal security measures
- Implementing a new monitoring and notification system
- Refinement of DeFi protocol working procedures
Ankr said it had taken several measures to minimize the effect of the exploitation on its users. According to the protocol, it used an Advanced API Tool to locate every aBNBc token holder in 10 seconds and has determined a reimbursement plan for them. According to reports, Ankr airdropped BNB tokens to affected users on Dec. 2.
Credit: Source link
