Ankr Gets Hacked For $5 Million

avatar

In today's edition of YIYL, (You Invest, You Lose) we head back to the oh-so-magical world of DEFI where yields are made up and the only ones really profiting are those selling you on buying into the yield product as you become their exit liquidity.

While Ethereum remains the primary place for ponzinomics to play out, BNB has been no stranger to it with smaller-time scams running it due to the lower fees and the ability "wrap" your shitcoin into BNB making it easier to port over your make-believe money.

While most of the drama around shitcoin land revolves around the flow up of FTX, DEFI is still going, yes the unstoppable code and permissionless smart contracts are holding on to what Liquidity probably from VCs and some portion of retail that have serious tolerance for pain.

If you are still participating in this space, you're either hoping for a massive moon shot or you're so deep in the hole you don't really care anymore what is one more loss, am I right?

So who was the unlucky gambler this time? Well, Ankr ofcourse!

ankrhacked.png

Ankr'd and going down with the ship

Ankr, another make my own token out of thin air and attach it to my services platform was brought down this week. Their claim to game is that they are the first ‘node-as-a-service’ platform, that allows for liquid staking across ETH rip-offs BNB, MATIC, and AVAX.

THey also offer various SDKs you can pay for and build your own web3 projet so you can easily scam others and then use their platform to pull out some of that sweet exit liquidity.

Anyway the scammers got scammed as Ankr suffered a multi-million dollar exploit due to a bug in its code that allowed for unlimited minting of its token.

https://twitter.com/lookonchain/status/1598499855412121600

The BNB Chain-based Ankr defi protocol suffered an exploit of their aBNBc token, a wrapped version of BNB that works in their system. After the attacker used a command to mint 6 quadrillion of these tokens, they then bridged and tumbled at least 20 trillion of the aBNBc token for BNB, then move it to Tornado Cash.

That netted them a cool $5 million in USD from the exploit before the announcement was even made.

"We are currently working with exchanges to immediately halt trading," they wrote. However,

https://twitter.com/ankr/status/1598503332477280256

According to PeckShiled suggested the contract had an unlimited mint bug, allowing arbitrary minting of aBNB tokens. The attacker, and possible subsequent copycat attackers, used this flaw to mint quadrillions of aBNB, which they then traded to various other tokens.

https://twitter.com/peckshield/status/1598508401755144196

Talk about the price

As the hacker has nearly completely drained the aBNBc liquidity pools on PancakeSwap and ApeSwap, the token has lost nearly 99% of its value, which is meant to be pegged to the price of BNB, so if you're holding this derivative of BNB you're shit out of luck, and again showing you why wrapped tokens are dog shit wrapped in cat shit.

Screenshot 20221202 at 11.47.01.png

As for the price of Ankrs native token, it has taken a bit of a wobble falling from around $0.0225 to as low as 0.021, which is only like a 7% drop in what has already fallen like 90+% in the bear market so do you really care at this point? You can effectively make your position to zero long ago, so why mark it as anything else now?

Screenshot 20221202 at 11.39.39.png

In steps CZ

Ankr being the "decentralised" service it is immediately went crying to exchanges to block trading and said it will re-issue the tokens after assessing the situation. Oh how very decentralised of you, blacklisting certain tokens and then minitng new ones to bail out your users. It almost seems like a centralised actor conducting a bail-out, but that can't be right?

This is decentralised, lol!

Since this is a BNB-based project Binance CEO Changpeng Zhao also mentioned they would step in when he tweeted that his exchange had frozen $3 million, which had been sent to his exchange by the hackers.

https://twitter.com/cz_binance/status/1598575867311132673

We assume that he will be handing back those funds to the Ankr team so they can have some backing to keep their shitcoin running and repair their treasury of synthetic BNB bullshit tokens.

Sources:

Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

Earn Free bitcoin & shopEarn Free Bitcoin & shopClaim Free Bitcoin & Shop
lightning.jpgSmiles.jpgthebitcoincompany.jpg

Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

Earn Free bitcoin & shopEarn Free Bitcoin & shopClaim Free Bitcoin & Shop
lightning.jpgSmiles.jpgthebitcoincompany.jpg

Posted Using LeoFinance Beta



0
0
0.000
6 comments
avatar

It certainly seems like the bridges and wrapped version of coins seem to be a target for these hackers. Personally it almost seems like there have been more hacks this cycle than previous cycles. Obviously the dollar amounts seem more noteworthy.

0
0
0.000
avatar

I think its because you can either attack the smart contract, the pooling contract with a flash loan attack, the oracle or even it could be internal attacks because in some cases its more profitable to blow up your project and leave your customers hanging. Either ways these pegged and wrapped assets are not priced correctly in terms of risk, they shouldn't even trade on par just to reflect that risk.

I think there are more hacks only because of the amount of capital sloshing around, if for a months work, you can pull 1 - 5 million why wouldn't you? Best bug bounty program ever

0
0
0.000
avatar

It's an interesting concept you are saying. The premise that they shouldn't trade at the same rate because there is additional risk. I guess in some respects people take on that risk for the additional utility.

I know I have had a lot of assets on the Binance Smart Chain chasing yield and also in comparison to similar offerings on Ethereum. Same goes for Fantom, and Harmony ONE.

Also the internal hack premise is a very likely scenario like you said and something that can "release them from liability"

0
0
0.000
avatar

Why I say it should trade at a discount to nav, is not only because I think its inferior or riskier, but also because you should be buying the asset cheaper because you're going to pay fees on it.

I think many people using wrapped assets don't really notice the risk premium they paying, no one is selling their wBTC for example for the 1-1 it's always slightly lower most times + your gas fees so you're hoping your yield pays for that

Its not me picking on wrapped assets that's the nature of markets, if you took your USD over the border to Canada vs Mexico you're getting a different exchange rate + markup + fees and you're taking exchange risk when you convert your CAD of MXP back into USD at the end of your trip, it's just that people write that off.

I don't see why digital assets would be any different especially wrapped ones, the issuer/smart contract, the miners, /defi app you use it on all want to make money off that capital moving between systems, like your butterball analogy

0
0
0.000
avatar

Yeah, it makes sense what you are saying. In some respects people don't notice slight differences in pricing in general within crypto because of there being all these separate exchanges with slightly different prices. All the friction moving through these crypto ecosystems is another reason it is hard to end up back with the same amount of BTC someone started with.

0
0
0.000
avatar

This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.

Do you know that you can earn a passive income by delegating your Leo power to @india-leo account? We share 100 % of the curation rewards with the delegators.

Please contribute to the community by upvoting this comment and posts made by @indiaunited.

0
0
0.000