Preventing the Next Ankr Hack

By Yoav Tietz

28 Feb 2023

On December 2nd, 2022, the decentralized infrastructure provider Ankr experienced an attack resulting in the compromise of its private key, leading to a total loss of $24 million.

In this blog post, we will analyze the Ankr attack and discuss how Redefine security implementations could have immediately warned the Ankr team of the threat—and ultimately helped to prevent the attack.

The Ankr Attack: What We Know

After a spear-phishing campaign by a malicious actor, the private key of the Ankr deployer account was stolen. With this key, the attacker used the deployer to fund themselves. The deployer account was then used to publish a malicious fake token contract, disguised as the original aBNBc token.

That contract was then upgraded to replace the existing aBNBc implementation, and included a new function (0x3b3a5522) that allowed the attacker to bypass caller verification and mint unlimited tokens to their own wallet, resulting in a $5M theft. The attacker was then able to bridge funds to Ethereum, and launder the stolen loot through Tornado Cash.

As word spread, many other copycats joined in and minted aBNBc to their wallets. Two of them used this money to manipulate Helio Money for an extra $18M.

Our analysis shows the first significant price decrease of 13% occurred 7 minutes after the first massive mint. After 37 minutes came a 25% decrease.

Based on this timeline and the information we reviewed, this attack and its aftermath could easily have been prevented if Ankr had implemented the security solutions offered by Redefine.

Redefine Solutions Could Have Helped Prevent the Ankr Attack

At Redefine, we are committed to providing essential security solutions for the cryptocurrency community.

Our team has developed a contract bytecode analyzer engine that can detect malicious functionalities, like unlimited mint, in tokens. If we were monitoring the token contract or its holders, our threat detection alert system would have alerted the Ankr team or the users about the unlimited minting functionality in the token once it was deployed.
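The following is an added example, not Redefine's analyzer and not code from the original post. It shows a much narrower check in the same spirit: list the function selectors that an upgraded implementation adds to its dispatcher, so a selector such as 0x3b3a5522 is flagged for review when the upgrade lands. The bytecode samples and function names are constructed for illustration, and the solc-style `PUSH4 <selector> EQ` dispatch pattern is an assumption about how the contract was compiled.

```python
# Constructed sample bytecode (NOT Ankr's real contracts). Each dispatcher entry
# is DUP1 PUSH4 <selector> EQ PUSH2 <dest> JUMPI, the pattern solc emits.
def _entry(selector_hex: str, dest_hex: str) -> str:
    return "8063" + selector_hex + "1461" + dest_hex + "57"

OLD_IMPL = bytes.fromhex(
    _entry("18160ddd", "0040")    # totalSupply()
    + _entry("70a08231", "0050")  # balanceOf(address)
    + _entry("a9059cbb", "0060")  # transfer(address,uint256)
    + "00"                        # STOP
)
NEW_IMPL = bytes.fromhex(
    _entry("18160ddd", "0040")
    + _entry("70a08231", "0050")
    + _entry("a9059cbb", "0060")
    + _entry("3b3a5522", "0070")  # selector named in the post
    + "6563deadbeef1450"          # PUSH6 constant whose data mimics PUSH4..EQ, then POP
    + "00"
)

PUSH1, PUSH4, PUSH32, EQ = 0x60, 0x63, 0x7F, 0x14

def dispatcher_selectors(code: bytes) -> set[str]:
    """Selectors compared with EQ, walking opcodes so PUSH immediates are skipped."""
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            size = op - PUSH1 + 1                 # PUSHn carries n bytes of data
            data = code[pc + 1 : pc + 1 + size]
            nxt = pc + 1 + size
            if op == PUSH4 and len(data) == 4 and nxt < len(code) and code[nxt] == EQ:
                found.add("0x" + data.hex())
            pc = nxt                              # jump past the immediate
        else:
            pc += 1
    return found

def selectors_added_by_upgrade(old_code: bytes, new_code: bytes) -> list[str]:
    """Selectors reachable in the new implementation but absent from the old one."""
    return sorted(dispatcher_selectors(new_code) - dispatcher_selectors(old_code))

if __name__ == "__main__":
    for sel in selectors_added_by_upgrade(OLD_IMPL, NEW_IMPL):
        print("ALERT: upgrade added externally callable selector", sel)
```

A flagged selector only says that the upgrade exposed a new entry point; deciding whether that function can mint still requires reviewing what it does. Trailing compiler metadata and non-solc dispatchers can produce misses or false positives with this simple walk.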

In addition to our detection system, we also offer a monitoring solution that provides an extra layer of security. Our systems would have detected the total supply increase and alerted the token holders about suspicious movements that could decrease the token's price. In this particular attack, the token's price decreased by 13% within 7 minutes—with our monitoring solution, we could have provided critical information that could have likely stopped the damage before it started.

You can trust Redefine to provide you with the necessary tools to protect your investments, monitor threats, and take action in real time. Find out more about how Redefine can offer you peace of mind across the chains.

[Figure. Credit: graph built with Bitquery]

The Need for Increased Security Protocols in the Wake of the Ankr Attack

The Ankr attack was a devastating event that resulted in an immediate platform loss of $24 million. It is fortunate that the Ankr team was able to respond quickly and effectively to the attack, and was ultimately able to return the stolen funds to the affected holders.

However, by implementing Redefine solutions, Ankr could have helped avoid the entire incident to begin with.

Redefine security tools are designed to detect threats—such as unlimited minting and other exploits—alerting stakeholders of suspicious activity in real-time to help stop attacks before they affect end-users.

Request a demo to learn how you can Redefine your platform security today.

About Us

Redefine offers advanced end-to-end security solutions for DeFi investors and traders. Our platform supports our customers throughout their DeFi investment journey. We provide customers with a dynamic risk score, real-time risk monitoring of their portfolio, and active features that save investors’ funds in case of an attack or indication of imminent financial loss.

Follow us on Twitter and LinkedIn, and use dApprovals, our approvals manager for free.
Feel free to contact us by Email.
