{"id":530033,"date":"2022-12-21T21:30:00","date_gmt":"2022-12-21T18:30:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security\/"},"modified":"2022-12-21T21:30:00","modified_gmt":"2022-12-21T18:30:00","slug":"ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security\/","title":{"rendered":"Ankr says ex-employee caused $5M exploit, vows to improve security"},"content":{"rendered":"<h1>Ankr says ex-employee caused $5M exploit, vows to improve security<\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTIvYTFlNWE1NmQtYTBlZi00N2UzLWI4NjctMzRmOTEwODAyMGI3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-30a6cf80><p>A $5 million hack of the Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team.<\/p>\n<p>The ex-employee conducted a \u201csupply chain attack\u201d by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ankr.com\/blog\/after-action-report-our-findings-from-abnbc-token-exploit\/\">putting<\/a> malicious code into a package of future updates to the team\u2019s internal software. 
Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team\u2019s deployer key from the company\u2019s server.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">After Action Report: Our Findings From the aBNBc Token Exploit<\/p>\n<p>We just released a new blog post that goes in-depth about this: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/fyagjhODNG\">https:\/\/t.co\/fyagjhODNG<\/a><\/p>\n<p>\u2014 Ankr Staking (@ankrstaking) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ankrstaking\/status\/1605270645864013847?ref_src=twsrc%5Etfw\">December 20, 2022<\/a><\/p><\/blockquote>\n<p>Previously, the team had announced that the exploit was caused by a stolen deployer key that had been used to upgrade the protocol\u2019s smart contracts, but at the time it had not explained how the key had been stolen.<\/p>\n<p>Ankr has alerted local authorities and is attempting to have the attacker brought to justice. It is also shoring up its security practices to protect access to its keys in the future.<\/p>\n<p>Upgradeable contracts like those used by Ankr rely on the concept of an \u201cowner account\u201d that has sole authority to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/forum.openzeppelin.com\/t\/openzeppelin-upgrades-step-by-step-tutorial-for-truffle\/3579\">make<\/a> upgrades, according to an OpenZeppelin tutorial on the subject. Whoever holds that account\u2019s private key can replace the contract logic, so a single stolen key is enough to take over the protocol. Because of the risk of theft, most developers transfer ownership of these contracts to a Gnosis Safe or other multisig account. 
The Ankr team says that it did not use a multisig account for ownership in the past but will do so from now on, stating:<\/p>\n<blockquote><p>\u201cThe exploit was possible partly because there was a single point of failure in our developer key. We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult if not impossible. These features will improve security for the new ankrBNB contract and all Ankr tokens.\u201d<\/p><\/blockquote>\n<p>Ankr has also vowed to improve HR practices. It will require \u201cescalated\u201d background checks for all employees, including those who work remotely, and it will review access rights so that sensitive data can only be accessed by workers who need it. The company will also implement new notification systems to alert the team more quickly when something goes wrong.<\/p>\n<p>The Ankr protocol hack was first discovered on Dec. 1. It allowed the attacker to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), which were immediately swapped on decentralized exchanges for around $5 million in USD Coin (USDC) and bridged to Ethereum. 
The team has stated that it plans to reissue its aBNBb and aBNBc tokens to users affected by the exploit and to spend $5 million from its own treasury to ensure the new tokens are fully backed.<\/p>\n<p>Ankr has also deployed $15 million to repeg the stablecoin HAY, which became undercollateralized as a result of the exploit.<\/p>\n<\/div>\n<p><a href=\"https:\/\/cointelegraph.com\/news\/ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Ankr says ex-employee caused $5M exploit, vows to 
improve security &#8220; A $5 million hack of Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team. The ex-employee conducted a \u201csupply chain attack\u201d by putting malicious code into a package of future&#8230;<\/p>\n","protected":false},"author":1,"featured_media":530034,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/a1e5a56d-a0ef-47e3-b867-34f9108020b7.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74882,70944],"class_list":["post-530033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-hacks","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/530033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=530033"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/530033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/530034"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=530033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=530033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?pos
t=530033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}