Ankr Attack Incident Report: The attack originated from a malicious supply chain attack by a former member, and we are cooperating with law enforcement to prosecute

Ankr
2022-12-22 18:50:22
The Ankr team stated that they are still working hard to ensure that all unresolved issues will be addressed and that all affected users have been compensated.

Author: Ankr

Web3 infrastructure provider Ankr has released an incident report detailing the results of its investigation into the exploitation of the aBNBc Token vulnerability, which stemmed from a malicious supply chain attack by a former team member. Ankr is currently cooperating with law enforcement to prosecute this former team member and bring them to justice. It has also announced a plan of upgraded security measures to prevent similar attacks in the future.

After the attack, Ankr's response measures can be broadly categorized as:

  • Restoring security and cooperating with DEX to halt trading
  • Developing and implementing a comprehensive compensation plan for the community
  • Identifying the cause of the attack as a former employee (currently cooperating with law enforcement to take appropriate legal action)

Vulnerability Cause

A former team member carried out a malicious supply chain attack by inserting a malicious code package that could compromise private keys once a legitimate update was performed. Ankr is currently cooperating with law enforcement to prosecute this former team member and bring them to justice. This kind of attack may affect any protocol, and the team is reinforcing its internal human resources processes and security measures to strengthen its future security posture.

Stopping the Attack

Ankr took several immediate measures after the attack to minimize the damage caused:

  • Publicly announcing the vulnerability and formulating solutions.
  • Notifying known entry and exit points and halting trading
  • Protecting smart contracts with new keys to prevent further tampering.
  • Updating smart contracts and systems, suspending the core operations of BNB in liquid staking products.

Formulating a Recovery Plan

Ankr initiated compensation measures, fully reimbursing users for losses caused by the vulnerability. The Ankr team stated that they used their advanced API tools to locate each aBNBc holder within 10 seconds, compared to several hours using standard query methods on dedicated nodes.

  • Taking snapshots to identify affected users
  • Creating a brand new ankrBNB Token
  • Airdropping ankrBNB to affected holders
  • Establishing a compensation plan for affected users

Compensating the Community

  • Restored the damage to aBNBc on the Helio platform by stabilizing the HAY price.
  • Airdropped ankrBNB to affected aBNBc and aBNBb holders
  • Airdropped BNB to all affected DeFi LPs
  • Reached an agreement with Wombat to compensate stkBNB liquidity providers, planning for 100% coverage of BNBWombat LP.

Security Improvement Measures

Ankr has announced multiple improvements to its security posture, including requiring multi-signature authentication and time locks for all updates, enhancing internal security measures, implementing new monitoring and notification systems, and refining its procedures for using DeFi protocols.

  • Implementing Multi-Signature Authentication and Time Locks

One of the causes of the vulnerability was a single point of failure in the Ankr developer keys. Ankr will update to implement multi-signature authentication, requiring all key custodians to sign within time-limited intervals, making future attacks extremely difficult. These features will enhance the security of the ankrBNB contract and all ANKR Tokens.
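The control described above can be modelled off-chain as follows. This is an added example, not Ankr's contract code: an upgrade gate that requires every custodian to approve within a signing window and then enforces a time lock before execution. The class names, custodian names and both durations are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values; the incident report gives no figures.
SIGNING_WINDOW = 24 * 3600   # all custodians must sign within this many seconds
TIMELOCK_DELAY = 48 * 3600   # wait after the last signature before executing

class UpgradeRejected(Exception):
    pass

@dataclass
class Proposal:
    proposed_at: int
    approvals: dict = field(default_factory=dict)  # custodian -> signing time

class UpgradeGate:
    def __init__(self, custodians):
        self.custodians = frozenset(custodians)
        self.proposals = {}  # code hash -> Proposal

    def _lookup(self, code_hash):
        if code_hash not in self.proposals:
            raise UpgradeRejected("never proposed")
        return self.proposals[code_hash]

    def propose(self, code_hash, now):
        # Re-proposing starts over with an empty approval set.
        self.proposals[code_hash] = Proposal(now)

    def approve(self, code_hash, custodian, now):
        p = self._lookup(code_hash)
        if custodian not in self.custodians:
            raise UpgradeRejected("unknown signer")
        if now > p.proposed_at + SIGNING_WINDOW:
            raise UpgradeRejected("signing window closed")
        p.approvals.setdefault(custodian, now)

    def execute(self, code_hash, now):
        p = self._lookup(code_hash)
        if set(p.approvals) != self.custodians:
            raise UpgradeRejected("missing custodian approvals")
        if now < max(p.approvals.values()) + TIMELOCK_DELAY:
            raise UpgradeRejected("timelock not elapsed")
        del self.proposals[code_hash]  # an approved upgrade runs only once

def attempt(action, *args):
    """Run a gate action and return 'ok' or the rejection reason."""
    try:
        action(*args)
        return "ok"
    except UpgradeRejected as e:
        return str(e)
```

With a single compromised key, `execute` is rejected for missing approvals, and even a fully approved upgrade stays visible for the whole delay, which gives monitoring time to react before it takes effect.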

  • Improving Internal Security Measures

Ankr now requires background checks for all employees (including all contractors and remote workers) while taking additional measures to verify the current status of employees. This also includes reviewing access permissions and reducing access to sensitive systems.

  • Implementing New Monitoring and Notification Systems

From an execution standpoint, the Ankr team performed well in attack monitoring, quickly capturing the attack, but the notification mechanism still needs improvement. The Ankr team stated that they are implementing a new notification system to alert key personnel.

  • Improving Procedures for Using DeFi Protocols

Ankr is improving its processes based on precedents and simplifying communication channels with other protocols for quicker communication with various international teams.

The Ankr team stated that they are still working to ensure that all unresolved issues will be addressed and that all affected users have been compensated.
