Cointime

After Action Report: Our Findings From the aBNBc Token Exploit

After restoring security and responding to the December 1 exploit of our aBNBc token, Ankr has carefully reviewed the facts and taken steps to prevent attacks like it in the future. Whatever the damage done, we are proud of how the team handled the situation at every turn and did right by our community.

After the hack Ankr immediately:

  • Restored security and worked with DEXs to halt trading
  • Formed and executed a thorough recovery plan for the community
  • Identified the exploiter (currently working with law enforcement to take appropriate legal action)

Who Caused The Exploit?

A former team member (no longer with Ankr) acted maliciously to carry out a supply chain attack: they inserted a malicious code package that, once a legitimate update was made, was able to compromise the private key controlling our contracts. Note what that implies: the key was reachable by code that ran during a routine update, so everything in that update path was effectively as trusted as the key itself. We are working with law enforcement to prosecute the former team member and bring them to justice. Internal bad actors can affect any protocol; we are shoring up internal HR processes and safety measures to strengthen our security posture going forward.

How Did We Respond?

Immediate Action Taken To Halt the Attack

Right away, Ankr took several actions to minimize any damage from the exploit:

  • Communicated the exploit to the public and executed plans to resolve the situation as quickly as possible.
  • Alerted known off-ramps so they could activate their emergency plans and halt trading.
  • Secured the smart contracts with a new key, preventing any further tampering.
  • Updated smart contracts and systems to temporarily pause the movement of the underlying collateral (BNB) within our liquid staking product, as a precaution.

Formed a Recovery Plan

Ankr took several measures to start compensating users to the full extent of the losses they incurred as a result of the exploit. The team used our own Advanced API Tool to find every aBNBc token holder in 10 seconds – a task that would have taken several hours to complete using normal query methods on a dedicated node.

  • Took a snapshot to identify affected users
  • Created a new ankrBNB token
  • Airdropped the token to affected holders
  • Determined reimbursement plan for most impacted users
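
The snapshot step, as an added example that is not Ankr's code or its Advanced API tool: rebuilding every holder's balance at a chosen block from the token's Transfer logs, then separating wallets from contract holders such as DEX pairs, whose share is owed to their liquidity providers. It assumes a standard Transfer(from, to, value) event with mints from and burns to the zero address, and that the snapshot block is the last block before the first malicious transaction. The log entries, addresses and amounts below are constructed, not chain data.

```python
# Holder snapshot from Transfer logs, for an airdrop to affected holders.
# Added example, not Ankr's tooling. Logs, addresses and amounts are constructed.
from collections import defaultdict

ZERO = "0x" + "00" * 20
ALICE, BOB, POOL = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20

# Constructed decoded logs: (blockNumber, logIndex, from, to, value). Deliberately
# not in chain order, because a paginated eth_getLogs fetch may not be either.
SAMPLE_LOGS = [
    (100, 0, ZERO, ALICE, 1_000),    # mint to Alice
    (100, 1, ZERO, BOB, 500),        # mint to Bob
    (160, 3, BOB, ZERO, 100),        # Bob redeems (burn)
    (150, 0, ALICE, POOL, 400),      # Alice deposits into a DEX pair
    (170, 0, POOL, BOB, 50),         # Bob swaps out of the pair
    (250, 0, ZERO, BOB, 1_000_000),  # after the snapshot block: must not count
]


def snapshot_balances(logs, snapshot_block):
    """Return {holder: balance} for every non-zero holder at the end of snapshot_block."""
    balances = defaultdict(int)
    minted = burned = 0
    # Canonical order is (block, logIndex); anything after the snapshot block is ignored.
    for block, _idx, src, dst, value in sorted(logs, key=lambda l: (l[0], l[1])):
        if block > snapshot_block:
            break
        if src == ZERO:
            minted += value
        else:
            balances[src] -= value
        if dst == ZERO:
            burned += value
        else:
            balances[dst] += value
    # Integrity checks: a truncated or corrupted log range fails here, not in the airdrop.
    negative = [a for a, b in balances.items() if b < 0]
    if negative:
        raise ValueError(f"negative balance(s) {negative}: log set is incomplete")
    result = {a: b for a, b in balances.items() if b > 0}
    if sum(result.values()) != minted - burned:
        raise ValueError("balances do not sum to minted - burned")
    return result


def split_airdrop(balances, contract_holders):
    """Separate wallets (paid directly) from contracts such as DEX pairs, whose share is owed to their LPs."""
    direct = {a: b for a, b in balances.items() if a not in contract_holders}
    via_contracts = {a: b for a, b in balances.items() if a in contract_holders}
    return direct, via_contracts


if __name__ == "__main__":
    snap = snapshot_balances(SAMPLE_LOGS, snapshot_block=200)
    wallets, pools = split_airdrop(snap, {POOL})
    print("wallets:", wallets)
    print("pools:", pools)
```

Two checks matter more than the speed of the query: the logs are sorted by (block, logIndex) because a paginated fetch can return them out of order, and the result is rejected if any balance goes negative or the balances do not sum to minted minus burned, which catches a truncated log range before it turns into a wrong airdrop.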

Reimbursed Our Community

Ankr is a Web3-native organization with an extremely strong community. To uphold this reputation, we needed to do the right thing and reimburse all token holders who were affected.

  • Fixed damage to Helio (the aBNBc borrowing platform) by purchasing HAY to restore its peg. We will continue purchasing HAY for as long as the token remains unpegged, until the allocated funds are spent.
  • Airdropped ankrBNB to the affected aBNBc or aBNBb token holders
  • Airdropped BNB to all affected DeFi liquidity providers
  • Reached an agreement to reimburse Wombat stkBNB LPs, and plan to provide 100% coverage for Wombat BNB LPs.

See more details on our recovery plan.

What Are We Improving?

Ankr is now implementing several improvements to our security posture. Here are a few notable reinforcements:

Requiring Multi-sig Authentication & Timelocks for All Updates

The exploit was possible in part because our developer key was a single point of failure: one key could authorize a contract update on its own. Updates will now require multi-sig authorization, with sign-off from all key custodians, combined with a timelock so that an approved change can only be executed after a delay and within a restricted window. A single compromised key can then neither push a change by itself nor shortcut the waiting period, making a future attack of this type extremely difficult. These protections apply to the new ankrBNB contract and to all Ankr tokens.
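
As an added example (not Ankr's contracts or code), the following models the update policy described here and the failure it addresses in the "Who Caused The Exploit?" section: a lone custodian key can propose a change but not execute it, the timelock starts only once quorum is reached, any single custodian can veto during the delay, and an approved change that is not executed within its window expires. Custodian names, the 3-of-4 threshold, the 24-hour delay and the 7-day execution window are assumptions chosen for illustration; the post itself describes sign-off from all custodians, which is `threshold=len(custodians)` in this model.

```python
# Update policy model: custodian quorum, timelock, expiry and veto. Added example,
# not Ankr's contracts. Custodian names, the 3-of-4 threshold, the 24h delay and
# the 7-day execution window are assumptions chosen for illustration.
from dataclasses import dataclass, field
from hashlib import sha256
from typing import Optional


class PolicyError(Exception):
    """Raised when an action is attempted outside the policy."""


@dataclass
class Proposal:
    target: str
    calldata: bytes
    approvals: set = field(default_factory=set)
    ready_at: Optional[int] = None  # earliest execution time, set only once quorum is reached
    closed: Optional[str] = None    # "executed" or "cancelled" once the proposal is no longer live


class TimelockedMultisig:
    def __init__(self, custodians, threshold, delay, grace):
        if not 1 <= threshold <= len(set(custodians)):
            raise ValueError("threshold must be between 1 and the number of custodians")
        self.custodians = frozenset(custodians)
        self.threshold = threshold
        self.delay = delay  # seconds every custodian has to inspect a fully approved change
        self.grace = grace  # seconds after the delay during which execution is still allowed
        self.proposals = {}

    def _live(self, signer, pid):
        # The signer must hold a custodian key and the proposal must still be able to change state.
        if signer not in self.custodians:
            raise PolicyError(f"{signer} is not a key custodian")
        p = self.proposals.get(pid)
        if p is None:
            raise PolicyError("unknown proposal")
        if p.closed:
            raise PolicyError(f"proposal already {p.closed}")
        return p

    def _record_approval(self, p, signer, now):
        p.approvals.add(signer)
        if p.ready_at is None and len(p.approvals) >= self.threshold:
            p.ready_at = now + self.delay  # the clock starts only when the change is fully authorized
        return len(p.approvals)

    def propose(self, signer, target, calldata, salt, now):
        if signer not in self.custodians:
            raise PolicyError(f"{signer} is not a key custodian")
        pid = sha256(target.encode() + calldata + salt.encode()).hexdigest()
        if pid in self.proposals:
            raise PolicyError("duplicate proposal")
        self.proposals[pid] = p = Proposal(target, calldata)
        self._record_approval(p, signer, now)
        return pid

    def approve(self, signer, pid, now):
        return self._record_approval(self._live(signer, pid), signer, now)

    def cancel(self, signer, pid):
        # Any single custodian can veto during the delay: one honest key stops a bad change.
        self._live(signer, pid).closed = "cancelled"

    def execute(self, signer, pid, now, apply):
        p = self._live(signer, pid)
        if p.ready_at is None:
            raise PolicyError("quorum not met")
        if now < p.ready_at:
            raise PolicyError("timelock has not elapsed")
        if now > p.ready_at + self.grace:
            raise PolicyError("execution window expired")
        p.closed = "executed"  # mark before applying so a re-entrant call cannot run it twice
        return apply(p.target, p.calldata)


def demo():
    """Run the policy through a lone compromised key, the happy path, a replay and a veto."""
    ms = TimelockedMultisig(["alice", "bob", "carol", "dave"],
                            threshold=3, delay=24 * 3600, grace=7 * 24 * 3600)
    applied, out = [], {}
    apply = lambda target, data: applied.append((target, data)) or True

    def attempt(label, signer, pid, now):
        try:
            out[label] = ms.execute(signer, pid, now, apply)
        except PolicyError as e:
            out[label] = str(e)

    # A single compromised custodian key can propose, but cannot execute on its own.
    pid = ms.propose("alice", "0xToken", b"upgradeTo(0xNewImpl)", "salt-1", now=0)
    attempt("single_key", "alice", pid, 0)
    # Quorum is reached at t=600; execution is still refused until the delay passes.
    ms.approve("bob", pid, now=300)
    ms.approve("carol", pid, now=600)
    attempt("too_early", "alice", pid, 601)
    # After the delay the change executes exactly once; a replay is refused.
    attempt("executed", "dave", pid, 600 + 24 * 3600)
    attempt("replay", "dave", pid, 600 + 24 * 3600 + 1)
    # A second change reaches quorum, but one custodian vetoes during the delay.
    pid2 = ms.propose("alice", "0xToken", b"setMinter(0xNewMinter)", "salt-2", now=1000)
    ms.approve("bob", pid2, now=1001)
    ms.approve("carol", pid2, now=1002)
    ms.cancel("dave", pid2)
    attempt("vetoed", "alice", pid2, 1002 + 24 * 3600)
    out["applied"] = applied
    return out
```

The design choice worth noting is that the delay is counted from the moment quorum is reached, not from the proposal, so every custodian gets the full window to inspect a change that is actually authorized and can still veto it. An N-of-N configuration gives the strongest veto but also means one lost or unavailable key blocks every update, so custodians need a tested key-recovery path before adopting it.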

Revamping internal security measures

Ankr will now require escalated background checks for all employees, including contractors and remote workers, and will take extra measures to re-verify the status of everyone currently working at Ankr. We are also reviewing access rights and taking further steps to minimize access to sensitive systems.

Implementing new monitoring & notification systems

The team caught the attack extremely quickly, but response time can always improve. We are implementing new notification systems that alert key personnel so they can be online faster at any time of day.

Refining procedures for working with DeFi protocols

Having now worked with teams from other protocols in the aftermath of an incident, we can use that precedent to establish streamlined communication channels for coordinating with international teams during a response.

More Updates To Come

We want to thank the community for your ongoing support during this time!
