Taking a Closer Look at Ankr Hack

3 min read
Taking A Closer Look At Ankr Hack

Ankr protocol a web3 infrastructure provider suffered a governance key compromise.

TL;DR#

On December 02, 2022, the Ankr protocol on BNB chain suffered a governance key compromise, allowing an attacker to mint 10,000,000,000,000 $aBNBc tokens and drain the DEX pool, resulting in the loss of approximately $5 million.

Introduction to Ankr#

Ankr is a decentralized Web3 infrastructure provider that helps developers, decentralized applications, and stakers interact easily with an array of blockchains.

Vulnerability Assessment#

The root cause of the vulnerability is due to the compromise of their governance key.

Steps#

  • The team had announced changes to all Reward Bearing and Earning Tokens token models prior to the incident.
  • The $aBNBc token is an upgradeable token contract, which means that the admin can change the code at any time.
  • The exploiter stole the key of Ankr Deployer and minted himself 10T $aBNBc tokens as viewed from this transaction.
  • The preparator transferred 1.125 $BNB tokens to Ankr Exploiter address as a gas fee by controlling the key of Ankr Deployer, and then began to dump $aBNBc.
  • The attacker also sent between $3 and $4 million involving multiple transactions to the ETH mainnet through the Celer bridge.
  • Additionally, the exploiter used PancakeSwap to exchange $aBNBc tokens for $BNB and $USDC before converting them to $ETH.
  • The $aBNBc-related pool on PancakeSwap has been depleted, and the exploiter has consequently ceased dumping aBNBc.

Aftermath#

After the incident, the team issued a statement on Twitter mentioning that they were currently working with exchanges to immediately halt trading. The price of the $ANKR token plummeted and was last observed trading at $0.02168.

In addition, they stated that all the underlying assets on Ankr Staking were safe at this time, and all infrastructure services are unaffected. The team will be drafting a plan to compensating affected users.

How to prevent such an attack vector#

The exploiter deployed an attack contract, changed the upgradeable aBNBc contract to the malicious implementation, and then minted a massive amount of tokens for his wallet. This can either be caused by the compromise of the private key of the deployer during their migrations, or it could also potentially be an insider job where the attack was planned to coincide with the event.

Multisignature wallets and pause contract events are also industry standards for the majority of blockchain teams to mitigate against events of such nature to a greater extent.

Had Ankr partnered with Neptune Mutual to set up a dedicated coverage pool before the incident, the fallout might have been significantly mitigated. At Neptune Mutual, we understand the intricacies of the DeFi landscape, which is why we offer coverage to users who might face losses from vulnerabilities in smart contracts.

Our avant-garde parametric policies ensure that users are not mired in bureaucratic processes when proving their losses. Instead, they can readily claim their payouts and post an incident's confirmation and resolution through our rigorous incident resolution framework.

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and sense of responsibility to do so.

Reference Sources PeckShield, BlockSec

By

Tags