Ankr’s $5M hacker deanonymizes with wrong transactions, funds moved to Huobi

The hacker who compromised web3 infrastructure platform Ankr in early December, leading to a loss of $5 million worth of BNB, committed a major mistake tracing funds back to their original wallet.

In a Jan. 3 Twitter thread, pseudonymous blockchain sleuth ZachXBT shared data showing the mistake. Ankr hacker’s address anonymized the proceedings with Tornado.Cash, but then decided to send it to the same address as one holding deanonymized funds. This led to ZachXBT discovering the hacker’s deposit address at the crypto exchange Huobi.

Still, Huobi did not yet freeze the account controlled by the hacker and allowed the funds to be bridged to the Binance Smart Chain, where they are still located.

Ankr hack: a brief story

Ankr, a centralized crypto exchange, discovered the malicious activity, temporarily stopping some operations in early December. However, before they could apply prompt security measures, they had already incurred a loss of $5 million in BNB.

Ankr team attributes the hack to a former employee who “acted maliciously to conduct a combination of social engineering and supply chain attack, inserting malicious code” into the system.

The hackers could reportedly access the private developer key and modify the smart contract for aBNBc, Ankr’s BNB liquid staking token.

This gave the hackers the access to create an infinite amount of tokens, and as a result, they were able to mint over 20 trillion Ankr reward-bearing staked BNB (aBNBc), which they later dumped, causing the price to plummet from $300 to less than $2.