A $5 million hack of the Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team.
The ex-employee conducted a “supply chain attack” by putting malicious code into a package of future updates to the team’s internal software. Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team’s deployer key from the company’s server.
After Action Report: Our Findings From the aBNBc Token Exploit
We just released a new blog post that goes in-depth about this: https://t.co/fyagjhODNG
— Ankr Staking (@ankrstaking) December 20, 2022
Previously, the team had announced that the exploit was caused by a stolen deployer key that had been used to upgrade the protocol’s smart contracts. But at the time, they had not explained how the deployer key had been stolen.
Ankr has alerted local authorities, and is attempting to have the attacker…