Ankr Confirms $5M Crypto Hack Was An Inside Job

Ankr says it’s requesting background checks for staff after trillions of crypto tokens were illicitly minted by a rogue former employee

article-image

Furkan Cubuk/Shutterstock modified by Blockworks

share

Crypto startup Ankr says a former employee instigated the $5 million theft from its platform earlier this month.

A malicious hacker exploited a smart contract for one of Ankr’s staking rewards tokens, aBNBc, on Dec. 2. They’d manipulated a bug in its code that enabled unlimited minting of the token, deployed to Binance-branded BNB Chain.

In a Tuesday blog, the decentralized finance protocol said a former team member was behind the attack. It didn’t name or identify the individual.

“A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made,” Ankr said.

Crypto intelligence firm Arkham had already noted the possibility of an inside job after on-chain sleuths linked related transactions to an Ankr deployer.

Ankr added: “Unfortunately, internal bad actors can affect any protocol and we are working on shoring up internal HR processes and safety measures to strengthen our security posture going forward.” 

The team is now working with law enforcement to potentially prosecute the former team member.

Previously, Ankr explained the attacker “minted an excess of aBNBc out of thin air” by uploading a new contract that allowed minting without authorization checks. They proceeded to swap it for other tokens on decentralized exchanges. 

Overall, the attacker minted 60 trillion aBNBc across six transactions. They swapped some for USDC before bridging the stablecoins to Ethereum and washing them through crypto mixer Tornado Cash.

Ankr reimbursed affected users with crypto

Shortly after the Ankr hack, a second exploit occurred on staking platform Helio, which hadn’t updated Ankr-related token prices despite aBNBc dropping more than 99%, from $303 to $1.54.

This allowed one user to borrow $16 million worth of its native stablecoin HAY by using affected Ankr tokens as collateral. They then swapped those funds for $15 million in BinanceUSD (BUSD), according to blockchain analysis firm BlockSec, before sending the haul onto Binance.

Ankr later executed a recovery plan for the community, which involved compensating its liquidity providers, lenders and other users affected by the exploit. 

The team also helped stabilize HAY after the stablecoin depegged, although the token is yet to fully regain its intended dollar value, now trading at a touch over $0.99.

In any case, Ankr hopes multi-sig authentication for updates will ensure similar attacks are avoided moving forward. The team is also implementing background checks for employees and reviewing access rights.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates.png

Research

Maple Finance has successfully navigated significant market challenges through its strategic pivot to secured lending (Maple v2) and the launch of its Syrup product. Syrup has become a primary growth driver, delivering sustainable, outperforming stablecoin yields and rapidly increasing TVL. The upcoming custody-first Bitcoin staking product (istBTC) presents another significant avenue for expansion. Crucially, Maple has achieved operational profitability, a key inflection point that, combined with a fully vested token and active buyback mechanism, strengthens its investment case. While valuation metrics suggest potential undervaluation relative to peers and growth, the primary forward-looking risk identified is the long-term sustainability of its current high-take-rate collateral staking revenue model.

article-image

In 2014, Microsoft virus scanners were detecting viruses in Bitcoin software

article-image

Ledn’s Mauricio Di Bartolomeo explained how this cycle’s been different for the lender

article-image

The shorts looking for funding range from charming animated series to gritty live-action dramas

article-image

Money, it turns out, is emergent, like consciousness

article-image

Bridge flows churn in both directions as risk appetite returns