{"id":42498,"date":"2022-12-21T16:30:00","date_gmt":"2022-12-21T20:30:00","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=42498"},"modified":"2022-12-21T16:30:03","modified_gmt":"2022-12-21T20:30:03","slug":"ankr-claims-ex-employee-caused-5m-exploit","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/ankr-claims-ex-employee-caused-5m-exploit\/","title":{"rendered":"Ankr claims ex-employee caused $5M exploit"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\" id=\"h-the-ankr-team-has-alerted-relevant-authorities-and-is-seeking-to-prosecute-the-attacker-while-also-shoring-up-its-security-practices\">The Ankr team has alerted relevant authorities and is <a href=\"https:\/\/coinscreed.com\/staging\/hackers-use-mango-markets-attackers-methods-to-exploit-lodestar.html\" target=\"_blank\" rel=\"noreferrer noopener\">seeking to prosecute the attacker<\/a> while also shoring up its security practices.<\/h5>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-1024x576.jpg\" alt=\"Ankr claims ex-employee caused $5M exploit, vows to increase security\" class=\"wp-image-42502\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-1024x576.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-300x169.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-768x432.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-150x84.jpg 150w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-750x422.jpg 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1-1140x641.jpg 1140w, 
https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Ankr claims ex-employee caused $5M exploit, vows to increase security<\/figcaption><\/figure>\n\n\n\n<p>A statement released by the Ankr team on December 20 said that a former team member was responsible for the <a href=\"https:\/\/coinscreed.com\/staging\/ankr-protocol-hack-trader-allegedly-sees-over-5000x-gains.html\" target=\"_blank\" rel=\"noreferrer noopener\">$5 million hack of the Ankr protocol<\/a> on December 1. The ex-employee carried out what Ankr described as a &#8220;supply chain attack&#8221; by inserting malicious code into a package of upcoming updates to the team's internal software.<\/p>\n\n\n\n<p>Once the update was applied, the malicious code opened a security hole that gave the attacker access to the company's server and to the team's deployer key.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\"><blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">After Action Report: Our Findings From the aBNBc Token Exploit<br><br>We just released a new blog post that goes in-depth about this: <a href=\"https:\/\/t.co\/fyagjhODNG\" target=\"_blank\">https:\/\/t.co\/fyagjhODNG<\/a><br><br>A \ud83e\uddf5 <a href=\"https:\/\/t.co\/d6psUbpxNY\" target=\"_blank\">pic.twitter.com\/d6psUbpxNY<\/a><\/p>&mdash; Ankr Staking (@ankrstaking) <a href=\"https:\/\/twitter.com\/ankrstaking\/status\/1605270645864013847?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">December 20, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/div>\n<\/div><\/figure>\n\n\n\n<p>The attack, according to a previous statement from the company, was caused by a stolen deployer key that was used to update the protocol's smart contracts.<\/p>\n\n\n\n<p>At the time, however, the company did not say how the deployer key had been taken. Ankr has notified the appropriate authorities and is working to have the attacker prosecuted. It is also strengthening its security procedures to safeguard future access to its keys.<\/p>\n\n\n\n<p>According to an OpenZeppelin tutorial on the topic, upgradeable contracts, like those used by Ankr, rely on the idea of an &#8220;owner account&#8221; with exclusive authority to make upgrades. Whoever controls that account's private key can replace the contract's implementation, which is why a single stolen deployer key was enough to change the protocol's contracts.<\/p>\n\n\n\n<p>To reduce the risk of theft, many developers transfer ownership of these contracts to a Gnosis Safe or another multisig account. The Ankr team says it did not previously use a multisig account for ownership but will do so going forward.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe exploit was possible partly because there was a single point of failure in our developer key. We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult if not impossible. These features will improve security for the new ankrBNB contract and all Ankr tokens.\u201d<\/p>\n<\/blockquote>\n\n\n\n<p>Ankr has also committed to tightening its HR procedures. All employees, including those who work remotely, will be subject to &#8220;escalated&#8221; background checks, and access privileges will be reviewed so that only employees who need access to critical information have it.<\/p>\n\n\n\n<p>The company will also put new notification systems in place to alert staff more promptly when something goes wrong.<\/p>\n\n\n\n<p>The Ankr protocol hack was first identified on December 1. The attacker was able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) tokens, which were quickly swapped for $5 million in USD Coin (USDC) on decentralized exchanges and bridged to Ethereum.<\/p>\n\n\n\n<p>The company says it intends to reissue its <a href=\"https:\/\/coinscreed.com\/staging\/coinbase-introduces-recovery-tool-for-lost-erc-20-tokens.html\" target=\"_blank\" rel=\"noreferrer noopener\">aBNBb and aBNBc tokens<\/a> to users affected by the exploit and to put $5 million from its own treasury toward ensuring that the new tokens are properly backed. Ankr has also spent $15 million to re-peg the HAY stablecoin, which was left improperly collateralized as a result of the attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Ankr team has alerted relevant authorities and is seeking to prosecute the attacker while also shoring up its security practices. A release from the Ankr team on December 20 stated that a former team member was responsible for a $5 million hack of the Ankr protocol on December 1. 
By incorporating harmful malware into [&hellip;]<\/p>\n","protected":false},"author":43,"featured_media":42502,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[5258,12002],"class_list":["post-42498","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-ankr","tag-hacks"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/12\/jpg_20221221_200049_0000-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/42498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=42498"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/42498\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/42502"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=42498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=42498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=42498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
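The article's owner-account passage describes the mechanism only in prose: an upgradeable contract's admin is whoever controls the owner key, so one stolen deployer key is enough to swap the implementation, and the announced fix is sign-off from every key custodian inside a time-restricted window. The following is an added example, not code from the article or from Ankr, that models those two upgrade-authority policies side by side so the difference can be exercised. Contract and custodian addresses, the 24-hour minimum delay and the 72-hour expiry are assumed values; a production deployment would use audited primitives such as an OpenZeppelin TimelockController owned by a Safe multisig rather than a hand-written gate like this one.

```python
"""Who may replace an upgradeable contract's implementation: two policies.

Added example, not Ankr's code. It models the OpenZeppelin "owner account"
pattern: SingleKeyAdmin is the pre-incident setup (one deployer key is the
proxy admin); CustodianAdmin is the announced fix (every custodian must sign
off, and execution is only allowed inside a time-restricted window).
All addresses, custodian names and the 24h/72h window are constructed values.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def proposal_id(proxy: str, new_impl: str, nonce: int) -> str:
    """Deterministic id for an upgrade proposal (sha256 stands in for keccak256)."""
    return hashlib.sha256(f"{proxy}|{new_impl}|{nonce}".encode()).hexdigest()


class SingleKeyAdmin:
    """Pre-incident pattern: the proxy admin is one externally owned key."""

    def __init__(self, owner: str, proxy: str, impl: str) -> None:
        self.owner, self.proxy, self.implementation = owner, proxy, impl

    def upgrade(self, caller: str, new_impl: str) -> bool:
        # The only check is "does the caller hold the owner key"; a stolen key passes.
        if caller != self.owner:
            return False
        self.implementation = new_impl
        return True


@dataclass
class Proposal:
    new_impl: str
    proposed_at: int                                  # unix seconds
    approvals: set[str] = field(default_factory=set)
    executed: bool = False


class CustodianAdmin:
    """Hardened pattern: N-of-N custodian approval plus a timelock window."""

    def __init__(self, custodians: set[str], proxy: str, impl: str,
                 min_delay: int, max_age: int) -> None:
        if len(custodians) < 2 or not 0 < min_delay < max_age:
            raise ValueError("need >= 2 custodians and 0 < min_delay < max_age")
        self.custodians = frozenset(custodians)
        self.proxy, self.implementation = proxy, impl
        self.min_delay, self.max_age = min_delay, max_age
        self.proposals: dict[str, Proposal] = {}
        self.nonce = 0

    def propose(self, caller: str, new_impl: str, now: int) -> str | None:
        if caller not in self.custodians:
            return None
        pid = proposal_id(self.proxy, new_impl, self.nonce)
        self.nonce += 1                               # unique id per proposal
        self.proposals[pid] = Proposal(new_impl, now, {caller})
        return pid

    def approve(self, caller: str, pid: str) -> bool:
        p = self.proposals.get(pid)
        if p is None or p.executed or caller not in self.custodians:
            return False
        p.approvals.add(caller)                       # a set: one key counts once
        return True

    def execute(self, caller: str, pid: str, now: int) -> bool:
        p = self.proposals.get(pid)
        if p is None or p.executed or caller not in self.custodians:
            return False
        if p.approvals != self.custodians:            # every custodian must sign
            return False
        age = now - p.proposed_at
        if not self.min_delay <= age <= self.max_age:  # time-restricted interval
            return False
        p.executed = True                             # no replay of an old proposal
        self.implementation = p.new_impl
        return True


def scenario() -> dict[str, object]:
    """Walk one stolen deployer key through both policies (constructed data)."""
    hour, t0 = 3600, 1_700_000_000
    proxy, v1, evil = "0xProxy", "0xImplV1", "0xMaliciousImpl"
    deployer = "0xDeployerKey"                        # the key the attacker stole
    out: dict[str, object] = {}

    single = SingleKeyAdmin(deployer, proxy, v1)
    out["single_key_thief_upgrades"] = single.upgrade(deployer, evil)

    custodians = {deployer, "0xCustodianB", "0xCustodianC"}
    gated = CustodianAdmin(custodians, proxy, v1, min_delay=24 * hour, max_age=72 * hour)
    pid = gated.propose(deployer, evil, t0)
    gated.approve(deployer, pid)                      # re-approving with the same key
    out["thief_alone_executes"] = gated.execute(deployer, pid, t0 + 25 * hour)
    out["outsider_approves"] = gated.approve("0xAttackerWallet", pid)

    pid2 = gated.propose("0xCustodianB", "0xImplV2", t0)
    for c in custodians:
        gated.approve(c, pid2)
    out["early_execute"] = gated.execute("0xCustodianB", pid2, t0 + 1 * hour)
    out["in_window_execute"] = gated.execute("0xCustodianB", pid2, t0 + 30 * hour)
    out["replay_execute"] = gated.execute("0xCustodianB", pid2, t0 + 31 * hour)

    pid3 = gated.propose("0xCustodianC", "0xImplV3", t0)
    for c in custodians:
        gated.approve(c, pid3)
    out["expired_execute"] = gated.execute("0xCustodianC", pid3, t0 + 100 * hour)
    out["final_impl"] = gated.implementation
    return out
```

Running `scenario()` shows the contrast the article draws: under `SingleKeyAdmin` the stolen deployer key upgrades the proxy outright, while under `CustodianAdmin` the same key can propose and approve but never execute on its own, re-approving with the same key counts once because approvals are a set, execution is refused before the minimum delay and after the expiry, and an executed proposal cannot be replayed. The expiry matters in practice: without it, a fully approved but forgotten proposal remains executable indefinitely by anyone who later compromises a single custodian key.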