By
Steve Muchoki
April 22nd, 2024
Ankr announced that it has made sweeping changes to its security outlook following a protocol exploit by an ex-employee.
DeFi protocol Ankr has ascribed the recent malicious $5 million exploit it suffered to a former employee. The platform has stated that it would shore up its defenses to avert similar recurrences and that it has embarked on a recovery plan for affected users.
In a blog post from two days ago, the company explained:
“A former team member (who is no longer with Ankr) acted maliciously to conduct a combination of a social engineering and supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made.”
Ankr vowed to prosecute the ex-employee, revealing that it is already working with relevant authorities. In addition, the DeFi protocol said that it is working on beefing up security measures – including HR processes and safety measures.
Ankr Details Ex-Employee Exploit
Ankr also detailed how the infrastructure hack took place in the blog post. According to the company, the former employee instituted the supply chain assault by inputting a malicious code into future protocol updates. The package of future updates serves the team’s internal software. The malicious code created a security vulnerability in the Ankr protocol upon the update of said software. The attacker could then exploit this breach and steal the team’s deployer key from Ankr’s servers.
Following the attack, the perpetrator converted the minted ill-gotten gains for Binance Coin (BNB) before funneling them through crypto mixer Tornado Cash. The hacker then exchanged the BNB tokens for 5 million USDC.
Addressing the impact of the network hack and how it influences subsequent operational decisions, Ankr offered:
“The exploit was possible partly because there was a single point of failure in our developer key. We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult, if not impossible.”
Ankr further explained that the implementation plans would enhance security for its new ankrBNB contract. The distributed node service operator added that using multi-sig authentication would secure all Ankr tokens.
Ankr Makes Sweeping Changes in HR Practices
Ankr also looks to improve its human resource practices, including “escalated” background checks for all staff. The company stressed that this practice would be holistic, thorough, and even extend to remote employees. Furthermore, Ankr stated that in the future, it would make sensitive data only accessible to workers who need it. In addition, the DeFi network also intends to implement a new notification system that alerts quickly in case of a breach.
Recovery
Following the exploit, Ankr has taken several measures to compensate users to “the full extent of their losses”. This agenda included deploying an Advanced API to locate every aBNBc holder within 10 seconds.
Reimbursement took place via airdropped ankrBNB and BNB tokens to all affected parties.