Exploits on Ankr and Helio

in crypto •  2 years ago 

A series of connected attacks ended up costing infrastructure provider Ankr and stablecoin issuer Helio Protocol (BSC Chain) a total of $20 million, according to on-chain analysis by security firm BlockSec.

The first attack targeted a liquid staking token product run by Ankr, resulting in a loss of more than $5 million.

1st Attack

An unknown hacker leveraged a vulnerability in Ankr's smart contract to mint trillions of aBNBc (6 quadrillion aBNBc), a reward token tied to the price of Binance's exchange token BNB, as noted by BlockSec and other analysts.

Once the attacker had minted those tokens, they sold them, draining all of the token's liquidity across decentralized exchanges on BNB Chain, and got away with more than $5 million.
Ankr acknowledged the exploit, adding that it was working with exchanges to stop deposits from addresses connected with the attacker.

2nd Attack

As the hacker sold off a large number of aBNBc on decentralized exchanges, the price of the aBNBc token collapsed by more than 99%. This opened the door to the second exploit.

In this second instance, someone acquired some 183,000 aBNBc tokens with 10 BNB ($2,900), BlockSec detected. The attacker then deposited the tokens into Helio Protocol, a BNB Chain-based stablecoin issuer, to drain funds.

The attacker was able to borrow $16 million in the HAY stablecoin with a small amount of aBNBc collateral as the oracle system used by Helio Protocol failed to update aBNBc prices after its rapid crash.
The attacker swapped their HAY stablecoin for $15 million Binance USD (BUSD), resulting in a massive loss for the protocol.

BlockSec noted that $15 million of the stolen funds in the second attack moved to crypto exchange Binance. So far, $3 million of the funds have been seized, according to Binance CEO Changpeng Zhao.

The root causes of this exploit are the smart contract vulnerability linked to the BNB asset and the vulnerability of the oracle service used by Helio Protocol.
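The oracle failure described above can be modelled in a few lines. This is an added example, not Helio's or Ankr's code: a borrow-limit check that trusts the last stored price, next to one that rejects stale reports and reports that disagree with an independent reference price. The thresholds, the pre-crash feed price, the timestamps and all names are assumptions made for illustration; only the token amount and purchase cost come from the article.

```python
from dataclasses import dataclass

MAX_AGE_S = 300        # assumed: oldest feed report the protocol will accept
MAX_DEVIATION = 0.10   # assumed: tolerated gap between feed and reference price
LOAN_TO_VALUE = 0.66   # assumed: share of collateral value that can be borrowed


@dataclass
class PriceReport:
    price_usd: float   # USD per collateral token
    updated_at: int    # unix time the price was last written


class OracleRejected(Exception):
    """Raised when the collateral price cannot be trusted for lending."""


def naive_borrow_limit(amount: float, feed: PriceReport) -> float:
    # Trusts whatever the feed last stored, however old it is.
    return amount * feed.price_usd * LOAN_TO_VALUE


def guarded_borrow_limit(amount: float, feed: PriceReport,
                         reference: PriceReport, now: int) -> float:
    # Guard 1: refuse a report older than the allowed heartbeat.
    if now - feed.updated_at > MAX_AGE_S:
        raise OracleRejected("feed price is stale")
    # Guard 2: refuse a feed that disagrees with an independent reference,
    # which also catches a feed that is re-timestamped but never repriced.
    if feed.price_usd <= 0 or reference.price_usd <= 0:
        raise OracleRejected("non-positive price")
    high = max(feed.price_usd, reference.price_usd)
    if abs(feed.price_usd - reference.price_usd) / high > MAX_DEVIATION:
        raise OracleRejected("feed deviates from reference price")
    # Value collateral at the lower of the two prices.
    return amount * min(feed.price_usd, reference.price_usd) * LOAN_TO_VALUE


# Constructed scenario. Token amount and purchase cost are the article's
# figures; the pre-crash feed price and all timestamps are made up.
NOW = 1_700_000_000
AMOUNT = 183_000
MARKET = PriceReport(price_usd=2_900 / AMOUNT, updated_at=NOW)
STALE_FEED = PriceReport(price_usd=300.0, updated_at=NOW - 3_600)
```

With these constructed numbers the naive check values collateral bought for $2,900 at tens of millions of dollars, while the guarded check refuses to lend until the feed is both fresh and consistent with the reference.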

Most exploits have very common root causes and progressions, yet many protocols and devs still haven't learned the lesson.


Great info. Most of this is way over my head, but it got me wondering if XRP & Ripple are susceptible to similar attacks like this? Or are they more robust?