DeFi protocol Ankr has identified a former employee as the perpetrator of a recent exploit that cost the company $5 million. Affected customers have been informed that the platform is working on a recovery plan, and Ankr has said that it will strengthen its defenses to prevent similar incidents in the future.
Ankr explained in a blog post (1):
"A former team member (who is no longer with Ankr) acted maliciously to conduct a combination of a social engineering and supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made."
Ankr has revealed that it is already working with the appropriate authorities to bring criminal charges against the former employee, and the company has committed to following through.
In addition, the DeFi protocol stated that it is improving its security procedures, specifically its HR processes and safety precautions.
Ankr Reveals How the Hack Was Perpetrated
In the blog post, Ankr also provided specifics on how its infrastructure was compromised. According to the company, the former employee initiated the supply chain attack by inserting malicious code into future protocol updates, a collection of upcoming improvements intended for the team's internal software.
After the software was updated, the malicious code introduced a security flaw that made the Ankr protocol susceptible to attack. Using this vulnerability, the attacker was then able to obtain the team's deployer key from Ankr's servers and use it against them.
After the attack, the attacker converted the proceeds into Binance Coin (BNB) and sent them through the cryptocurrency mixer Tornado Cash. After that, the hacker traded the BNB tokens for a total of 5 million USDC.
Addressing the impact of the hack on the network and how it may affect future operational decisions, Ankr provided the following:
"The vulnerability in our developer key made the exploit viable in part due to the fact that there was only one probable point of failure. We are now going to introduce multi-sig authentication for updates, which will require signoff from all key custodians at time-restricted intervals. This will make it extremely difficult, if not impossible, for an attack of this type to be carried out in the future."
Ankr went on to explain that this plan will improve the security of the company's new ankrBNB contract. The distributed node service operator stated that multi-sig authentication will make it possible to secure all Ankr tokens.
Ankr Doing Proper Due Diligence in HR Section
Ankr is also looking to strengthen its human resources processes, including by running "escalated" background checks on every employee. The organization emphasized that this policy would be comprehensive and would apply to all employees, including those who work remotely.
In addition, Ankr said that in the near future it intends to restrict access to sensitive data to only those employees who need it. The DeFi network also plans to put in place a new warning system that will send out timely alerts if a security hole is discovered.
What is the Recovery Plan?
Ankr has responded to the exploit by taking a number of steps to ensure that users are compensated for "the full extent of their losses." As part of this, the company set out to implement an Advanced API that would identify every aBNBc holder within ten seconds.
All affected parties received compensation in the form of ankrBNB and BNB tokens distributed via airdrop.