Due to a bug in its code, Ankr, BNB Chain-based decentralized finance (DeFi) protocol has confirmed via an announcement that it has been hacked by a multi-million dollar exploit on Dec. 1. The code that has been affected by the bug allowed unlimited minting of its token without any sort of verification. 

On-chain security analyst PeckSheild has first discovered  The attack appeared to be first discovered the attack at approximately 12:35 am UTC on Dec. 2. 

This is why the attacker was able to mint six quadrillions of the Ankr Reward Bering Staked BNB (aBNBc) tokens, according to security research firm PeckShield. The price of the Token has now dropped by 100% after this exploit. The attacker has transferred some amount of its stolen funds to a decentralized cryptocurrency tumbler, Tornado Cash.

Ankr has called itself the first ‘node-as-a-service’ platform. The attacker has made around $10 million worth of USD Coin (USDC) tokens.

To obtain a wrapped version, the liquid staking feature of Ankr allowed users to deposit BNB tokens. Binance has reported the attack and has informed that it is working with relevant firms to investigate further the issue. The exchange has also assured the users of Binance that their funds are safe. After suffering a $570 million hack in October 2022, the Binance BNB chain was suspended temporarily.

The hacker has previously used services such as Tornado Cash, Uniswap, and other bridges to obfuscate and swap their funds in order to hold onto $5 million of USD coin, according to a Twitter post from on-chain analysis firm Lookonchain.

It further added to its post that “all underlying assets on Ankr Staking are safe at this time, and all infrastructure services are unaffected.”