
Unfolding the Wormhole Exploit
Learn about the hack on Wormhole and how the team counter-exploited the attacker.
Youtube Video
Playing the video that you've selected below in an iframe
Ankr protocol a web3 infrastructure provider suffered a governance key compromise.
On December 02, 2022, the Ankr protocol on BNB chain suffered a governance key compromise, allowing an attacker to mint 10,000,000,000,000 $aBNBc tokens and drain the DEX pool, resulting in the loss of approximately $5 million.
Ankr is a decentralized Web3 infrastructure provider that helps developers, decentralized applications, and stakers interact easily with an array of blockchains.
The root cause of the vulnerability is due to the compromise of their governance key.
After the incident, the team issued a statement on Twitter mentioning that they were currently working with exchanges to immediately halt trading. The price of the $ANKR token plummeted and was last observed trading at $0.02168.
In addition, they stated that all the underlying assets on Ankr Staking were safe at this time, and all infrastructure services are unaffected. The team will be drafting a plan to compensating affected users.
The exploiter deployed an attack contract, changed the upgradeable aBNBc contract to the malicious implementation and then minted a massive amount of tokens for his wallet.
This can either be caused due to the compromise of the Deployer key during their migrations, or it could also potentially be an insider job where the attack was planned to coincide with the event.
Multisignature wallets and pause contract events are also industry standard for majority of blockchain team to mitigate against events of such nature to a greater extent.
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
Reference Sources
PeckShield, BlockSec