On December 2nd, 2022, the Ankr defi protocol suffered a significant exploit of their aBNBc token, resulting in the loss of around $5 million in funds. The attacker exploited a vulnerability in the project's smart contract to mint quadrillions of aBNBc, which they then swapped for other tokens. The attacker had already bridged and tumbled around $5 million in funds from the exploit using Tornado cash, Celar bridge and deBridgeGate before the announcement of the hack was made by Ankr.

The attacker's address is 0xf3a465c9fa6663ff50794c698f600faa4b05c777.

The attacker used an unlimited mint bug to mint quadrillions of aBNBc and dumped it on Pancakeswap in mulitiple transactions which can be found below https://www.bscscan.com/token/0xe85afccdafbe7f2b096f268e31cce3da8da2990a?a=0xf3a465c9fa6663ff50794c698f600faa4b05c777.

Ankr later blamed the hack on an employee who had inserted malicious code into the protocol, which was used to exfiltrate the private key. This highlights the importance of strict access control policies, including limited access to sensitive information and regular code reviews to prevent insiders from exploiting vulnerabilities.

Furthermore, the incident also highlights the importance of a robust incident response plan that can be quickly activated in the event of a security breach. In this case, Ankr was able to work with exchanges to halt trading and block the attacker's access, preventing further damage.

Overall, this incident serves as a reminder of the ever-present threat of cyber attacks and the need for strong security measures to protect against them. It is crucial for all companies in the cryptocurrency space, to prioritize security and invest in robust security measures, including regular security assessments and penetration testing.