Ankr’s Exploit Enabled an Attack on Stablecoin Issuer Helio

BNB Chain-based decentralized finance (DeFi) protocol Ankr was hit by a multi-million dollar exploit, which also affected stablecoin issuer Helio Protocol, Ankr said via Twitter on 2 December.

According to the announcement, a hacker targeted a vulnerability in Ankr’s smart contract to mint trillions of aBNBc — a reward token tied to the price of the BNB token — which he then used to drain all of its liquidity from decentralized exchanges on BNB Chain, and get away with roughly $5 million worth of digital assets. Ankr quickly got in touch with exchanges to halt trading of the token, and assured users that the underlying assets on Ankr Staking were safe.

On-chain analytics firm Lookonchain has suggested that the exploit was made possible not only through a vulnerability in Ankr’s smart contract code, but also through a compromised private key, which allowed the attacker to modify the protocol’s smart contracts. Ankr is currently working on resolving the issue, and has proposed to purchase $5 million worth of BNB to compensate liquidity providers that have been affected by the exploit.

The event caused the price of aBNBc to fall by more than 99%, which allowed an opportunistic trader to cash in on the exploit. Lookonchain reported that an individual took advantage of the crashed price of aBNBc to purchase 183,885 tokens with only 10 BNB, which he then deposited to stablecoin issuer Helio Protocol. The platform did not have up-to-date pricing on aBNBc after the Ankr exploit, which allowed the individual to borrow $16 million worth of the HAY stablecoin, which was then swapped for 15.5 million BUSD.