Ankr has released the most recent information on the exploit case following the events of the DeFi protocol’s aBNBc token exploit on Dec. 1.
1/ The exploit case is ongoing. We did not release updates regarding its status due to the fact that we are working with law enforcement, and this relationship means we have to be mindful regarding what can be shared at this time.
— Ankr (@ankr) January 5, 2023
Ankr claimed in a blog post published toward the end of December that a former employee had carried out a «supply chain attack» by slipping malicious code into a package of upcoming updates.
«A former team member (who is no longer with Ankr) acted maliciously to conduct a combination of a social engineering and supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made,» the blog post stated.
It also stated that it was working with law enforcement to prosecute and bring the former team member to justice.
According to the team, the exploit case is still ongoing as of right now. It said that because it was collaborating with law enforcement and had to be careful about sharing information because of this relationship, updates on its status were kept from the public.
The Ankr team draws attention to recent reports of funds related to the exploiter being moved. It explains this was because it was able to recover part of the stolen funds from the exploiter with the help of law enforcement, which was then sent to Huobi.
The process of recovering funds remains ongoing, according to Ankr, and more are being sought.
It claims to have paid out more than $30 million in compensation to the impacted users and to have so far retrieved more than $2 million from the hacker. On Dec. 1, a malicious hacker exploited a smart contract for one of Ankr’s staking rewards tokens, aBNBc deployed to Binance’s BNB Chain, which allowed unlimited minting of the token.