Ankr, Helio hit by $20m exploit; Binance reacts

The infinite mint bug in Ankr’s smart contract allowed the attacker to mint 6 quadrillion aBNB, Ankr’s wrapped BNB version, and then borrow 15 million in HAY stablecoin against aBNB collateral.


Helio’s HAY stablecoin is down 36%, Ankr’s wrapped BNB lost all its value, and Binance pauses withdrawals — just another normal day in crypto.

It all started quite predictably — with blockchain analytics company PeckShield ominously tagging Ankr Protocol in a tweet about what looked like an exploit. Within an hour, Ankr confirmed the hack, explaining that the attacker targeted its liquid staking token aBNB. The protocol said it was in talks with DEXs to block trading from addresses associated with the hacker.

Ankr also assured that “all underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected” and instructed users to remove liquidity from DEX pools and refrain from trading.

Ankr is a web3 infrastructure provider on Binance’s BNB Chain. Its “node-as-a-service” platform for proof-of-stake blockchains allows validators to stake their coins easily without the need for specialized hardware. Currently, Ankr supports staking on Polygon (MATIC), Ethereum (ETH), BNB Smart Chain (BNB), Avalanche (AVAX), Polkadot (DOT), and Kusama (KSM).

Following the news about the exploit, Ankr’s native token ANKR is down 2.3% and aBNB lost nearly all its value, trading for a tiny fraction of a cent, according to TradingView data. The protocol has already announced a plan to reimburse affected aBNB holders and liquidity providers.

"We will take a snapshot and reissue ankrBNB to all valid aBNBc holders before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable," Ankr said in a statement after the exploit.

So, how exactly was it possible that a double hack happened in one day? Let’s break it down!

To begin with, an unknown hacker exploited a vulnerability in Ankr’s smart contract to mint 20 trillion aBNB, a wrapped version of the BNB token issued by Ankr to reward BNB stakers on the platform. Once the attacker minted tokens and drained all aBNB pools on BNB Chain, they started to use services such as PancakeSwap, Tornado Cash, Celer, and deBridge to move and obfuscate stolen funds across different networks. It is estimated that the hacker managed to get away with roughly 5 million USDC.

After the Ankr exploiter dumped aBNB, its price collapsed by more than 99%. An opportunistic trader took advantage of DeFi lending protocol Helio not having up-to-date pricing on aBNBc and bought 12.6 million aBNBc tokens for just 300 BNB ($87,000). The trader then deposited the tokens into the BNB Chain-based stablecoin issuer Helio and borrowed $16 million in the HAY stablecoin with just $87,000 of aBNB collateral. Finally, the attacker swapped HAY for $15 billion in BUSD, leaving the protocol with a significant loss.
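The stale-pricing gap described above can be closed with a freshness and cross-source check before collateral is valued. The sketch below is an added example, not Helio's or Ankr's code: the function names, thresholds, loan-to-value cap and the pre-crash oracle price are all hypothetical or constructed, and only the 12.6 million token amount and the $87,000 purchase cost come from the article.

```python
from dataclasses import dataclass

# All thresholds and prices below are constructed for illustration.
MAX_AGE_S = 300        # assumed: reject price data older than 5 minutes
MAX_DEVIATION = 0.10   # assumed: sources may differ by at most 10%
MAX_LTV = 0.66         # assumed loan-to-value cap

@dataclass(frozen=True)
class PriceReport:
    price_usd: float   # USD per collateral token
    updated_at: int    # unix time of the last update

class BorrowRejected(Exception):
    pass

def max_borrow_naive(amount: float, primary: PriceReport) -> float:
    """Trusts the last reported price, however old it is."""
    return amount * primary.price_usd * MAX_LTV

def max_borrow_guarded(amount: float, primary: PriceReport,
                       reference: PriceReport, now: int) -> float:
    """Refuses to lend on stale or disagreeing prices."""
    for name, report in (("primary", primary), ("reference", reference)):
        if report.price_usd <= 0:
            raise BorrowRejected(f"{name} price is not positive")
        if now - report.updated_at > MAX_AGE_S:
            raise BorrowRejected(f"{name} price is stale")
    high = max(primary.price_usd, reference.price_usd)
    low = min(primary.price_usd, reference.price_usd)
    if (high - low) / high > MAX_DEVIATION:
        raise BorrowRejected("price sources disagree")
    # Value collateral at the lower price so errors favour the protocol.
    return amount * low * MAX_LTV

def try_borrow(amount, primary, reference, now):
    """Returns (allowed, limit_or_reason) instead of raising."""
    try:
        return True, max_borrow_guarded(amount, primary, reference, now)
    except BorrowRejected as exc:
        return False, str(exc)

if __name__ == "__main__":
    NOW = 1_700_000_000                                  # constructed clock
    stale = PriceReport(2.00, NOW - 6 * 3600)            # constructed pre-crash price, 6 h old
    market = PriceReport(87_000 / 12_600_000, NOW - 30)  # price paid per the article
    print(max_borrow_naive(12_600_000, stale))
    print(try_borrow(12_600_000, stale, market, NOW))
```

With the constructed stale price, the naive path grants a borrow limit in the millions of dollars against collateral bought for $87,000, while the guarded path rejects the request outright.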

The trader was capable enough to spot the lucrative opportunity, but evidently not smart enough to get away with the stolen funds — they transferred all $15 million to Binance, which immediately halted withdrawals.

"Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one," Binance’s Changpeng Zhao commented on the exploit. "Binance paused withdrawals a few hours ago. Also froze about $3m that hackers move to our CEX."

Since the exploit, HAY stablecoin lost its peg and currently trades at $0.65, down 33%.