Cryptospace Spotlight #49 (4 Dec 2022) - Ankr's smart contract exploited
Ankr protocol was exploited with quadrillions of unbacked aBNBc tokens minted; 3AC liquidators seized $35M and more; Opera aims to introduce an in-browser NFT creation tool; Apple wanted a cut of NFT fees!
Security and Risk
1 Dec - Ankr protocol exploited
BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit in which the attacker managed to swap 20T of aBNBc minted without authorisation. This caused the price of aBNBc to fall 99.5% from $303.89 to $1.53 in a matter of hours. [more][more-2][more-analysis]
The attacker managed to mint 6 quadrillion aBNBc tokens and swap 20 trillion of them for BNB, which was later swapped for ~$5 million USDC.
Ankr indicated that it will reimburse the users impacted by the exploit. Ankr has reissued ankrBNB to all valid aBNBc holders from before the exploit. The ankrBNB token will continue to be redeemable, while aBNBc and aBNBb will no longer be redeemable.
PeckShield noted that the $aBNBc token contract has an unlimited mint bug. Specifically, while mint() is protected with the onlyMinter modifier, there is another function (with function signature 0x3b3a5522) that completely bypasses the caller verification, allowing arbitrary minting.
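The access-control gap PeckShield describes, shown as an added illustration beside its hardened form. This is not the aBNBc contract's code: the contract names and the mintTo() function are hypothetical, and the page does not give the real name behind 0x3b3a5522.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; all names are hypothetical, not taken from aBNBc.
abstract contract MintableBase {
    address public minter;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(address minter_) {
        minter = minter_;
    }

    modifier onlyMinter() {
        require(msg.sender == minter, "caller is not the minter");
        _;
    }

    // Single internal path that creates supply. Every external entry
    // point that reaches it needs its own caller check.
    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    function mint(address to, uint256 amount) external onlyMinter {
        _mint(to, amount);
    }
}

// Weak: a second entry point reaches _mint with no caller verification,
// so the guard on mint() no longer bounds the supply.
contract VulnerableToken is MintableBase {
    constructor(address m) MintableBase(m) {}

    function mintTo(address to, uint256 amount) external {
        _mint(to, amount); // missing onlyMinter
    }
}

// Hardened: the same entry point carries the same modifier as mint().
contract HardenedToken is MintableBase {
    constructor(address m) MintableBase(m) {}

    function mintTo(address to, uint256 amount) external onlyMinter {
        _mint(to, amount);
    }
}
```

When reviewing a token contract, list every external or public function that can reach the internal mint path and confirm each one carries the caller check, rather than checking mint() alone.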
Blockchain security firm Beosin suggested the exploit was likely the result of vulnerabilities in the smart contract code combined with compromised private keys, which may have come from a technical upgrade by the Ankr team earlier.
2 Dec - DEX Helio - collateral damage of Ankr exploitation
The attacker, who minted a total of 60 trillion aBNBc across 6 different transactions, used them to drain liquidity from decentralized exchanges on the BNB Chain. The attacker was able to raid borrowing and lending protocol Helio by withdrawing $16 million in HAY, the protocol’s custom stablecoin, and swapping it for $15.5 million BUSD, the Binance stablecoin issued by Paxos. [more]
Celsius’ Scam
Defunct crypto lender Celsius faced scammers impersonating lawyers involved in its Chapter 11 proceedings. The attempted scams are the latest headache for Celsius, which halted withdrawals and related customer activities in July. [more]
A number of unidentified would-be nefarious actors have been reaching out to its creditors, posing as Kirkland & Ellis attorneys. The attempts, largely carried out over email, seem to have been intended to persuade customers — whose accounts have been frozen for months — to hand over sensitive information in a bid to gain access to their accounts.
Other Crypto Picks
Singapore - Three Arrows liquidators seized $35M and sought $30M more from the sale of the firm's "Much Wow" superyacht. But the bust firm’s co-founders still aren’t cooperating, a document shows. [more]
United States - In an ironic turn of events, Sam Bankman-Fried’s choice for cryptocurrency legislation could have prevented the collapse of his exchange and protected users, Commodity Futures Trading Commission Chair Rostin Behnam said. [more]
This includes requiring digital commodity platforms to prohibit abusive trading practices, eliminate or disclose conflicts of interest, maintain sufficient financial resources, have strong cybersecurity programs, protect customer assets, and report suspicious transactions. [more]
Brazil - Brazil lawmakers have approved a crypto bill that includes a new crime of virtual asset embezzlement, topical considering the FTX scandal. Crypto laws will demand up to 6 years in prison for embezzlement. [more]
FTX contagion - Crypto trading firm Auros Global appears to be suffering from FTX contagion after missing a principal repayment on a 2,400 Wrapped Ether (wETH) decentralized finance (DeFi) loan. [more]
Maersk has announced that TradeLens, the joint blockchain initiative for international shipping with IBM, is closing. When it launched in 2018, many believed that Maersk would not be able to attract other container shipping firms, but MSC and CMA-CGM joined in 2019. [more]
Galaxy Digital has agreed to buy GK8, the digital asset self-custody technology firm owned by bankrupt crypto lender Celsius. Israel’s GK8 was acquired by Celsius for $115 million in November last year, with Celsius entering Chapter 11 bankruptcy in July. [more]
In August, Galaxy terminated a $1.2 billion agreement to buy custodian BitGo, a deal originally announced in May 2021.
BlackRock CEO Larry Fink said that "the next generation for markets, the next generation for securities, will be tokenization of securities." [more]
Indexing service The Graph will soon add support for the Polygon blockchain. Joining the Web3 indexing network will allow Polygon developers to find the data they need to improve the efficiency of their dapps. Polygon node operators can play a role by becoming indexers for Polygon to serve the decentralized applications (dapps) running on the network. [more]
Opera to add drag-and-drop NFT creation tool to browser in early 2023. [more]
Apple is demanding that Coinbase pay a 30% tax on gas fees used to transfer in-app NFTs. [more]