Just how far will hackers go to eek out a profit from a crypto entity? In one DeFi projects’ case, those looking to exploit found they could make a pretty penny by simply telling the system to mint a quadrillion crypto tokens.
Binance CEO Chengpeng Zhao, who often goes by CZ, wrote early Tuesday there were “possible hacks” of the Ankr and Hay coins listed on the exchange. He said the hacker “updated the smart contract to a more malicious one.” The CEO added that he paused withdrawals for Ankr’s loyalty token aBNBc.
According to crypto security analytics firm PeckShield, the hacker managed to dig into the smart contract’s code and exploit a bug that let him mint an unlimited amount of Ankr’s main token. The hacker and subsequent folks looking to exploit the DeFi project decided to keep going until somewhere around 4 quadrillion had been minted. To put that in perspective, that is a ludicrous 4,000 trillion tokens.
Ankr also wrote on Twitter late Thursday explaining that its aBNB token had been exploited, and tried to reassure users that its other services were unaffected. After the dust settled, analysts said the project could have been taken for about $5 million, even before Ankr made its initial announcement. Still, it offered some very concerning advice to customers while advising it will reissue hacked coins. According to crypto analyst firm Lookonchain, another user managed to take advantage in the lull between when prices were being authenticated on other sites. This separate exploiter took 10 BNB tokens, which are Binance’s native coin, and turn what was just $2,879 into $15.5 million worth of BUSD (a stablecoin pegged to the U.S. dollar).
Ankr also wrote on Twitter late Thursday explaining that its aBNB token had been exploited, and tried to reassure users that its other services were unaffected. After the dust settled, analysts said the project could have been taken for about $5 million, even before Ankr made its initial announcement. Still, it offered some very concerning advice to customers while advising it will reissue hacked coins.
As pointed out by CoinDesk, the hack practically drained all the aBNBc liquidity out of Ankre, and since then the value of the coin has sunk by over 99% and its current value is hovering around $1.50, according to CoinGecko. On the flip side, Hay is a stablecoin supposed to be pegged 1-to-1 with the value of the U.S. dollar.
Binance remains the largest crypto exchange by far, with a trading volume of around $12 billion, as of reporting. The only other exchange to break $1 billion is Coinbase, but that exchange is also feeling the pressure of a world becoming more critical of centralized crypto storehouses. What had been Binance’s main rival for some time, FTX, recently imploded and is already taking other major actors in the crypto space down with it.
Binance itself has experienced other hacks this year as well. In May, hackers took 7,000 bitcoin worth around $40 million at the time after they breached a wallet listed on Binance. In October, Binance suffered a hack of its native BNB token worth somewhere between $100 to $110 million.
It’s interesting to note just how many exchanges have died since the start of the year. Celsius and Voyager are both going through messy bankruptcy proceedings, and of course there’s FTX whose incredible implosion has brought down crypto lender BlockFi. Binance’s own chief strategy officer Patrick Hillman told CoinDesk on Thursday that their own centralized exchange might not be around in 10 years, as more of the crypto world may try to leave these exchanges behind for the greener pastures of the DeFi space. CZ took umbrage with the line that their exchange could be gone in the next decade, but didn’t explicitly deny it either. Of course, let’s not forget that decentralized finance initiatives have been a primary target for hacks this year.