Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Ankr's deployer key was suspected to be leaked, and hackers minted a total of 60 trillion aBNBc. According to MistTrack analysis, some funds have been cross-chained from BSC to ETH and Polygon. The hacker used Celer Network, PancakeSwap, Multichain, deBridge, 1inch, PancakeSwap, SushiSwap, ParaSwap in the process of transferring funds, and 900 BNB has been transferred to Tornadocash so far. The Ankr team stated, “Our aBNB tokens (the proof tokens for BNB pledges) have been stolen and we are currently working with exchanges to stop trading immediately. Currently all underlying assets on Ankr pledges are safe and all infrastructure Services will not be affected." Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 5,000,000.
- chain
- bsc
- protocol
- Ankr
- bug_class
- private-key
- date_occurred
- 2022-12-02
- loss_usd
- $5,000,000
- source_id
- sm:ankr::2022-12-02