A new month, a new DeFi hack! While the situation and what happened remains unclear, it looks like a hacker has exploited the decentralized financial protocol Ankr.
As Binance CEO Changpeng Zhao (CZ) stated a few hours ago, there are possible hacks on Ankr and Hay. According to initial analysis, the developer’s private key was hacked, which enabled the attacker to manipulate an Ankr smart contract.
Blockchain security company PeckShield stated via Twitter:
Our analysis shows the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with onlyMinter modifier, there is another function (w/ 0x3b3a5522 func. signature) that completely bypasses the caller verification to have arbitrary mint !!!
Through this, the attacker was able to mint 6 quadrillion aBNBc tokens, which he converted into around 5 million USDC. CZ informed that Binance paused withdrawals a few hours ago. It also froze about $3 million…
