Decentralized finance (DeFi) infrastructure provider Ankr has been exploited to the tune of over $5 million due to a bug that allowed for unlimited minting of its token.
In a tweet today, the team said that their aBNBc token had been exploited. They also asked exchanges to halt trading and asked liquidity providers to remove liquidity from decentralized exchanges (DEXs).
The team did not provide specific details of the exploit, but crypto security firm PeckShield said they found out that the project’s smart contract had an unlimited minting bug. This allowed the attacker to mint six quadrillion aBNBc tokens, tanking the token price as the supply hit the market.
After minting quadrillions of aBNBc token, the attacker used the decentralized exchange PancakeSwap to swap them for BNB before moving them to crypto mixer Tornado Cash. The attacker then swapped the BNB tokens for 5 million USDC.
Since the hacker has almost drained the aBNBc liquidity pools on PancakeSwap and ApeSwap, the token has plunged by more than 99%. As of now, aBNBc token is trading at $1.52, down by 99.5% over the past day. The coin recorded an all-time high of over $380 in May this year.
Crypto security firm Lookonchain also reported that one opportunistic trader managed to turn 10 BNB ($2,885) into 15.5 million BUSD by using the BNB to buy aBNBc and used them as collateral against a 15.5 million BUSD loan on DeFi lending protocol Helio, which did not have up-to-date pricing on aBNBc post-crash.
The team is already looking for ways to reimburse affected users.
Binance CEO CZ also confirmed the hack, adding that the exchange froze about $3 million worth of crypto assets that the hacker had deposited.
Ankr is a cross-chain infrastructure with a DeFi platform that enables staking and dApp development. It hosts various protocols related to the development of dApps and the DeFi sector.
Notably, hacks and exploits continue to be rampant in crypto. As reported, Binance announced the suspension of deposits and withdrawals from its BNB chain in early October after it identified an unauthorized transfer of BNB coins. The hacker or hackers used a bug to withdraw BNB 2 million, worth around $568 million at the time.