The founder and CEO of the biggest cryptocurrency exchange in the world, Binance, Changpeng Zhao “CZ,” tweeted that the Web3 operator Ankr and the destablecoin Hay were hacked in the early hours of Friday morning.
According to CZ’s first investigation, the developer’s private key was compromised, and the hacker also modified the smart contract to make it more dangerous. He went on to say that Binance had stopped withdrawals a few hours earlier and had also frozen around $3 million that had been transferred to their CEX by hackers.
Helio Protocol’s HAY “destablecoin,” which the company touts as a decentralized stablecoin, had its $1 peg broken when it was used as collateral in an assault on the cryptocurrency exchange Ankr. According to Zhao, the hacker made off with around 15.5 million Binance USD, which was a portion of the $3 million that was frozen.
PeckShield, a company that specializes in security research, claims that the code that underpins the Ankr smart contract makes it possible for any user to mint a limitless quantity of the reward-bearing staking tokens associated with the protocol without undergoing any kind of verification. Because of this, the adversary was able to generate six quadrillion of the aBNBc token.
Ankr confirmed it, saying:
“Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading. All underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.”
Since the exploit was discovered, the price of the aBNBc token has dropped by approximately one hundred percent. Recent indications indicate that the perpetrator may have already moved part of the stolen monies to the Tornado Cash account. According to PeckShield, a portion of the stolen bitcoin was bridged using the cryptocurrencies Celer and deBridgeGate.