Ankr Exploit Causes Collateral Damage

“We were able to minimize any damage,” Ankr team says, but Helio Protocol customers may disagree

by Macauley Peterson /
article-image

Source: DALL-E

share

Decentralized Web3 infrastructure provider Ankr sought to reassure its community Friday with an initial response to the theft of at least $5.5 million from BNB Chain liquidity pools and money markets. 

The team confirmed that Ankr’s other products — including validators, RPC nodes, and AppChain services — were not affected. That will come as a relief to holders of Ankr’s other larger staking derivatives, notably aETHc — Ankr staked ether — which carries a market cap of about $68 million.

Loading Tweet..

Newsletter

Subscribe to Blockworks Daily

The attacker minted a total of 60 trillion aBNBc across 6 different transactions. The thief then used the minted, but unbacked tokens to drain liquidity from decentralized exchanges on the BNB Chain. After turning around and buying the depressed aBNBc the attacker was able to raid borrowing and lending protocol Helio by withdrawing $16 million in HAY, the protocol’s custom stablecoin and swapping it for $15.5 million BUSD, the Binance stablecoin issued by Paxos.

Prior to the exploit, Helio had $90 million in Total Value Locked, according to DeFiLlama.

Loading Tweet..

“Hacks and exploits from bad actors like this are an unfortunate possibility in Web3, even with every attention to detail in security processes — but we were well prepared,” Co-Founder & CEO Chandler Song, said in a statement.

A recommended “action plan” explained how users of aBNBc can be compensated through a new ankrBNB token that will be minted and airdropped based on a pre-exploit snapshot of on-chain data.

While the attack apparently stems from malicious use of the private key for the aBNBc smart contract deployer, it’s unclear exactly how the key was compromised. Industry best practices call for multisignature wallets and timelocks on upgradeable smart contracts, to prevent this type of attack.

Representatives from Ankr did not respond to Blockworks request for comment.

Other providers of liquid staked BNB such as pSTAKE use multisigs to protect sensitive contracts, and restrict access to token minting functions, while fully decentralized dapps such as Uniswap on Ethereum are not upgradeable at all.

The full extent of the collateral damage is not yet clear, but the Ankr team expressed the intent to resolve losses incurred by customers of related DeFi dapps.

For example, Ankr will cover bad debt incurred by Helio Protocol, pending the outcome of ongoing discussions, according to the latter’s official Twitter account.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

tg trading bot report graphic.png

Research

Telegram Trading Bots: Robinhood Without Borders

Telegram trading bots have found their primary niche in highly speculative token launches and retail-dominated memecoin markets, with many features specifically tailored to token sniping and copy-trading strategies.

by Danny K

/

news

article-image

0xResearch Newsletter

Can Ethereum win big with data availability?

Ethereum is hoping that increased DA will grow user demand — and its profits through DA fees

by Donovan Choy /
article-image

AnalysisSupply Shock

126 million BTC? How Bitcoin’s absolute scarcity was saved

11 years ago, Bitcoin contributors prevented a supply crisis… two centuries from now

by David Canellis&Pete Rizzo /
article-image

DeFiEmpire Newsletter

Paradigm’s Samczsun warns there’s ‘more to the DPRK than just the Lazarus Group’

Both samczsun and ZachXBT have issued warnings after the Bybit hack last month

by Katherine Ross /
article-image

PeopleSupply Shock

Investor who bought bitcoin at $5 says Saylor is making a $1.5B mistake

The investor criticized Michael Saylor’s plan to render his personal bitcoin holdings inaccessible to anyone else forever

by Pete Rizzo /
article-image

DeFiLightspeed Newsletter

Jupiter’s risk vault unlikely to face Hyperliquid-style attack

The exchange has structural defenses and protocols to limit manipulations

by Jeff Albus /
article-image

BusinessEmpire Newsletter

Exclusive: DeFi yield platform Upshift exits stealth

Upshift is being spun out of August, which raised $10 million earlier this month

by Katherine Ross /