Hacking the ANKR platform: the damage can be many times greater

After the exploit, 2 hackers were able to make a fortune (officially).

The first one sold an aBNBc "pack", thus clearing the liquidity pool on the Pancake Swap decentralized exchange. The income from the manipulation amounted to $ 5 million. The second hacker was more cunning.

Following the aBNBc collapse, he bought 180K aBNBc for 10 BNB, exchanged them for Helio protocol hBNB and used them as collateral to take a loan in the project’s stablecoin. Then he exchanged $16 million units of this stable for BUSD, leaving his 10 BNB as collateral. In the end, loss - $3K, profit - $16 million.

There are several ways to hack a decentralized protocol:

The last 2 ways are actually an arbitrage opportunity. While the exchanges and the affected projects did not have time to react to the hack, hackers bought tokens for a penny and sold them close to the market price in a couple of clicks.

To explain the ANKR hack, let's remember the recent GALA token exploit on the BSC network. A month ago, a hacker attacked pNetwork and issued trillions of pGALA tokens, after which he successfully sold them on DEX exchanges. But, as with aBNBc, that was not the hack’s goal.

Due to platforms being disorganized, the GALA entry into the BSC network on some exchanges was open for as long as 30-40 minutes after the hack. Ordinary users bought a coin 100 times cheaper than the market value, transferred it to CEX and sold it. The Huobi exchange suffered the most, eventually accusing pNetwork of deliberately leaving a loophole in the smart contract and intentionally stalled before announcing the hack.

Even after pGALA was closed on all exchanges, arbitrators sent the token across the bridge and sold coins on DEX on the Ethereum network.

Not only could aBNBc from ANKR be used for another hour in credit protocols that considered the asset at “full value”, but also aBNBc was easily exchanged through bridges for wBNB, hBNB, stBNB and other wrapped tokens, subsequently being sold for the market price BNB. The deBridgeGate and Celer bridges were mostly involved.

At the same time, some users stated that they were even able to exchange aBNBc for the original BNB, and sell them easily as a result. The coin’s exchange rate was not affected much, because the capitalization was too large.

Many in the arbitrage community are celebrating today. In 20 minutes, the guys earned a fortune, while staying in the shadows. In an official statement, ANKR referred to the fact that only the pool on Pancake Swap and the Helio protocol were affected, but, in reality, there were much more victims of the attack, and the loss could easily reach $60-80 million mark with decentralized exchanges alone.

A version immediately emerged on the network that the attack was planned by the ANKR protocol itself, which left the backdoor open in the base contract. And the fact that Tornado Cash and the anonymous protocol Zcash (ZEC) were used to “launder” the funds shows that the attacker had been preparing the hack for a long time, having thought about covering up the tracks in advance. ANKR also stated that it would pay compensation to all users who were affected by the initial attack. That is, those who held aBNBc before the hack. This is only $5 million. According to them, it has nothing to do with the rest of ANKR's losses.

It is likely that there will only be more of these attacks in the future, and to prevent them, you need to carefully check smart contracts and react swiftly, closing all loopholes. And ordinary users can only diversify their risks and restrict their work with projects with the algorithm that they don’t understand to a minimum.