Decentralized Web3.0 infrastructure Ankr which was exploited at the beginning of this month has admitted that the attack was perpetrated by one of its former employees.
As such, the company plans to tighten its security by mandating background checks for its employees including those who work remotely. Additionally, access rights will be reviewed to ensure that sensitive data is only available to authorized employees.
Ankr announced that it will develop a notification system that will alert the team faster any time a vulnerability is discovered. Ultimately, the Web3.0 protocol has started working on improving its human resource practices. In the case of the perpetrator, the appropriate authorities have been notified and the ex-employee will be prosecuted.
“Unfortunately, internal bad actors can affect any protocol and we are working on shoring up internal HR processes and safety measures to strengthen our security posture going forward,” the company said.
Ankr Protocol Compromised Earlier
The exploit which happened on December 1st was first discovered by security firm PeckShield, then Ankr later announced the attack on Twitter.
According to Ankr, its aBNB coin was compromised and the attacker ended up creating 20 trillion Ankr Reward Bearing Staked BNB, aBNBc. This aBNBc was later swapped for United States dollar-pegged stablecoin USD Coin (USDC) worth $5 million on decentralized exchanges (DEX).
More specifically, the ex-employee created a supply chain attack where he inserted a malicious code into the future update of the team’s internal software. In turn, the malicious codes are allowance for a security loophole gave that bad actor access to the team’s deployer key from the company’s server.
The Ankr team says that “The exploit was possible partly because there was a single point of failure in our developer key” Henceforth, “We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult if not impossible. These features will improve security for the new ankrBNB contract and all Ankr tokens.”
Notably, leading digital assets service provider Binance attempted to help Ankr contain the situation when it happened.
Read More
All News
BlockchainFX is the world’s first crypto exchange connecting traditional finance with blockchain. Join the $BFX presale today and secure your chance for 100x gains!
Join Now