Ankr blames $5 million exploit on former employee - Bitnation

Laurent Woriji

  • Ankr previously acknowledged that a stolen deployer key that was used to update the protocol’s smart contracts was behind the attack. However, it did not reveal how the deployer key was obtained at the time.

The Ankr team, which suffered a $5 million hack on December 1, has announced on its website that a former employee was responsible for the attack on the protocol. The DeFi platform said that the former team member was able to carry out the supply chain attack by inserting harmful code into a package of upcoming updates to the team's internal software. Once the update was applied, the malicious code produced a security flaw that allowed the attacker to access the platform's server and steal the team's deployer key.

The flaw enabled a user to mint 6 quadrillion aBNBc tokens, which the hacker quickly converted into Binance Coin (BNB) before sending them to Tornado Cash, a crypto mixing service. The attacker was able to swap the BNB tokens for 5 million USDC.

Ankr said it has notified the appropriate authorities and is working to have the attacker prosecuted. The team is also working to improve security to safeguard future access to its keys. The team said in a statement:

The exploit was possible partly because there was a single point of failure in our developer key. We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult if not impossible. These features will improve security for the new ankrBNB contract and all Ankr tokens.

4/ We are now improving several security measures, here are a few:

– Requiring Multi-sig authentication & timelocks for all updates
– Revamping internal security measures
– Implementing new monitoring and notification systems
– Refining procedures for working with DeFi protocols

— Ankr Staking (@ankrstaking) December 20, 2022

Furthermore, Ankr has pledged to enhance HR procedures and will mandate that all workers, including those who work remotely, face increased background checks. The team also promised to review access privileges to ensure that only employees who need access to critical information will have clearance to access it. The DeFi protocol also plans to install new notification systems to notify the staff more promptly if a problem occurs.
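A minimal model of the control quoted above (sign-off from all key custodians, valid only inside a time-restricted interval), added here as an illustration and not Ankr's code. The `UpgradeGate` class, the custodian names and keys, and the use of HMAC in place of a real signature scheme are all assumptions of this example.

```python
import hashlib, hmac

class UpgradeGate:
    def __init__(self, custodian_keys, delay, window):
        self.keys = dict(custodian_keys)  # name -> secret (constructed sample keys)
        self.delay, self.window = delay, window
        self.proposals = {}               # code_hash -> {"eta", "approved"}

    @staticmethod
    def sign(key, code_hash, eta):
        # HMAC stands in for a real signature scheme (assumption of this sketch)
        return hmac.new(key, f"{code_hash}:{eta}".encode(), hashlib.sha256).hexdigest()

    def propose(self, code, now):
        code_hash = hashlib.sha256(code).hexdigest()
        eta = now + self.delay            # earliest execution time
        self.proposals[code_hash] = {"eta": eta, "approved": set()}
        return code_hash, eta

    def approve(self, name, code_hash, tag):
        p, key = self.proposals.get(code_hash), self.keys.get(name)
        if p is None or key is None:
            return False
        if not hmac.compare_digest(tag, self.sign(key, code_hash, p["eta"])):
            return False                  # tag not made with this custodian's key
        p["approved"].add(name)
        return True

    def execute(self, code, now):
        code_hash = hashlib.sha256(code).hexdigest()
        p = self.proposals.get(code_hash)
        if p is None:
            return "rejected: not proposed"
        if p["approved"] != set(self.keys):
            return "rejected: missing custodian approval"
        if now < p["eta"]:
            return "rejected: timelock not elapsed"
        if now > p["eta"] + self.window:
            return "rejected: window expired"
        del self.proposals[code_hash]     # one-shot: no replay
        return "executed"

def demo():
    keys = {"alice": b"k-a", "bob": b"k-b", "carol": b"k-c"}  # constructed
    gate = UpgradeGate(keys, delay=3600, window=600)
    h, eta = gate.propose(b"new implementation", now=1000)
    for name in ("alice", "bob"):
        gate.approve(name, h, UpgradeGate.sign(keys[name], h, eta))
    return gate.execute(b"new implementation", now=eta + 1)
```

In `demo()` two of three custodians approve and the update is still rejected, which is the property that removes the single-key point of failure described in the statement.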

Laurent Woriji, Verified Author

I have covered exciting stories in my career as a journalist, and I find blockchain-related stories very intriguing. I believe Web3 will change the world, and I want everyone to be part of it.


Author

  • Guillaume Foster

    William Foster is an editor for the Central Asia and Europe region. Previously, he worked as a writer at Acuris (Mergermarket), where he was responsible for material on startups, private equity deals, fundraising, developments and editorial direction. His most memorable time was at Reuters, where he was both a journalist and an editor-in-chief for various teams.
