Decentralized finance (DeFi) protocol Ankr said it will reimburse the users impacted by the $5 million exploit that occurred on its platform earlier Friday.
“We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable,” Ankr said in a tweet after the exploit.
Ankr, which called itself the first “node-as-a-service” platform, had suffered the multimillion-dollar exploit due to a bug in its code that allowed for unlimited minting of its token.
After minting the quadrillions of aBNBc token, the attacker was able to swap 20 trillion of them for BNB, then move those to crypto mixer Tornado Cash. The attacker then swapped the BNB tokens for 5 million USDC.
Because the hacker almost completely drained the aBNBc liquidity pools on PancakeSwap and ApeSwap, the token lost nearly 99% of its value, according to CoinGecko data.
According to security research firm PeckShield, the code behind the Ankr contract allows any user to mint an unlimited amount of the protocol’s reward-bearing staking tokens without any sort of verification. This allowed the attacker to mint six quadrillion of the aBNBc token.
