Main navigation

Ankr Unveils Attack Investigation Results, Shares Recovery Plan

Thu, 12/22/2022 - 15:52
article image
Vladislav Sopov
Blockchain RPC provider Ankr unveiled final post-mortem of its Dec. 1 attack
Ankr Unveils Attack Investigation Results, Shares Recovery Plan
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Contents

On Dec. 1, 2022, blockchain RPC provider Ankr was attacked: someone managed to access the keypair of the team and manipulated the price of aBNBc stakers' token. Here's what the team knows so far and how it plans to recover from the attack.

Here's how Ankr mitigated attack

According to the After Action Report: Our Findings From the aBNBc Token Exploit statement by the Ankr team, the attack on its aBNBc token was initiated by a former team member.

The attacker injected a malicious code to compromise Ankr's private key once a legitimate update was made. The team claims that it is collaborating with law enforcement agencies and will bring the attacker to justice.

Ankr engineers immediately alerted all on- and off-ramps about the emergency measures and updated the smart contracts to ensure that no further tampering could happen. Then, the team found all affected users and airdropped a purpose-made ankrBNB compensation token to them.

Compensation ankrBNB was transferred to affected aBNBc or aBNBb token holders. Also, the team fixed the damage to Helio staking platform and stabilized the price of HAY token. A further reimbursement program was announced for the worst sufferers of the attack.

Ankr announces massive improvement plan

To prevent such attacks from happening again, Ankr is going to deploy and activate a number of improvements. First and foremost, the procedure of the protocol update will be improved: the team will employ multi-sig authorization and timestamp for all upgrades activated in mainnet.

The Ankr team is also creating a new internal security measures protocol: all access rights will be reviewed for those working with Ankr. Also, Ankr representatives will implement new monitoring and notifications systems for its clients and community.

Finally, the team is going to reconsider the standards of interaction between Ankr and third-party DeFi protocols.

Related
Ankr to Issue Airdrop to Allow Holders to Receive Tokens After Exploit

As covered by U.Today previously, Ankr exploiter managed to steal and withdraw over $5 million in Binance Coin (BNB) equivalent thanks to manipulations of the prices of assets in Ankr's staking ecosystem.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)