Ankr wrote that the former team member carried out the hack by using malicious code that compromised its private key when a legitimate update was made.
The hacker exploited a bug in Ankr Protocol’s code to mint six quadrillion aBNBc tokens and converted part of it into $5 million USDC — Binance seized $3 million of the converted stolen funds. Blockchain analytical firms said at the time that a private key compromise caused the hack.
Ankr said it has reported the former team member to law enforcement agencies and added:
“[We are] shoring up internal HR processes and safety measures to strengthen our security posture going forward.”
Meanwhile, all Ankr employees will now be subjected to background checks, and access to sensitive systems will be restricted. Additionally, Ankr said it will implement multi-sig authentication for updates to prevent a recurrence of such hacks.
Ankr reimbursed affected parties
Ankr said it took measures to compensate users, liquidity providers, and lenders affected by the exploit.
According to the firm, it created a new ankrBNB token that was later airdropped to affected holders. It added that it was working to fix the damage to Helio (aBNBc borrowing platform) by re-stabilizing the price of the HAY stablecoin.
Following the exploit, HAY stablecoin depegged because a trader profited $15 million from the situation. The trader borrowed around $16 million HAY stablecoin from its pool against 10 BNB because the platform had failed to update the price of Ankr-related tokens.
Ankr said it would continue purchasing the HAY stablecoin until it returns to peg. As of press time, the stablecoin was trading for $0.998143.