Ankr exploit victims group alleges the company only reimbursed them 50%

Published at: Jan. 25, 2023

A group calling itself “Victims of Ankr Exploit” have claimed that its members lost over 13,000 BNB liquid staking coins (over $4 million worth at the time of writing) as a result of the Dec. 2 Ankr exploit, but have not been adequately reimbursed by the Ankr company. According to a Jan. 19 statement from the group received by Cointelegraph, affected members alleged that they have only received half of the amount they lost. The group has called on Binance’s Chanpeng Zhao (also known as “CZ”) to put pressure on Ankr to get the funds released.

1/4 We, the victims of Ankr exploit, are increasing the reward from 100 BNB to 110 BNB (worth $28700 currently) for the person (including influencers and media) that:✅ helps @cz_binance to understand the unfair compensation AND;✅ makes @ankr to compensate us 100% https://t.co/sZlkqGW58a

— Alex Soh (@AlexSoh14) January 7, 2023

The group specifically claimed that a reimbursement plan posted by Ankr on Dec. 20 has been unfair to liquidity providers at Wombat exchange. Under this plan, Ankr proposed to “partially cover the loss of stkBNB liquidity providers on Wombat.” Ankr argued that a full reimbursement would be unfair because “the nature of the mixed liquidity pools” on Wombat made it hard to determine how much liquidity providers had lost.

The Ankr exploit victim group admitted that Ankr compensated them with 50% of the BNB lost in the attack, but insisted that it should have compensated them 100%.

The group argued that Ankr has refused to compensate them fully because the stkBNB and BNBx liquid staking tokens lost were competitors to Ankr’s own ankrBNB tokens:

“It is obvious that there is a segregation and discrimination of victims that is unjustifiable. And [a] fact that out of X protocols impacted, only two of them (Stader and pSTAKE), direct competitors of Ankr, see their users discriminated as victims.”

Citing a tweet from ZachXBT, they argued that Ankr has the ability to compensate them fully because it recovered 1,559 ETH (approximately $2.4 million worth at the time of writing) from Huobi Global after the attacker tried to use it to cash out.

Related: Uniswap considers launching on BNB Chain

The Ankr team responded to these allegations through a Jan. 25 email sent to Cointelegraph. In the email, the Ankr representative stated that the reimbursement plan was “more than generous” to liquidity providers on Wombat. From the company’s perspective, much of the stkBNB and BNBx losses on Wombat were due to poor risk management of these rival staking protocols and illiquidity on Wombat, as they explained:

“50% of all BNBx and stkBNB liquid staking was on Wombat alone due to Stader and pStake incentives. This represents an obvious concentration risk[…]Ankr cannot be held responsible for the lack of risk management of other pools. To put things in context, Ankr paid Wombat pools in all 4x more than the aBNBc TVL we had on Wombat, which is more than generous”

The team argued further that critics of the plan do not understand the “flow of money” that led to the loss of funds, stating:

“We have to comprehend what happened and follow the flow of money. The exploiter sold aBNBc on Wombat against BNB and then against BNBx and stkBNB. Then he sold BNBx and stkBNB on other DEX where there was more BNB liquidity[…]In this story, some people made money.”

The Ankr team also argued that it has not recovered enough funds to compensate users, stating that “criminal investigations are ongoing to recover part of the funds, and the amount we think we can recover is significantly less than what we paid.”

The Ankr BNB staking protocol was hacked on Dec. 2, 2022, and the attacker was able to obtain $5 million in crypto from the attack. On Dec. 21, the company announced that the attack had been carried out by an ex-employee. In the same announcement, it vowed to shore up its security practices and reimburse victims.

Tags
Defi
Binance Coin
Security
Related Posts
Uniswap (UNI) gains nearly 50% in 24 hours as China’s latest crypto purge boosts DEX tokens
Uniswap (UNI) prices staged a solid rebound after crashing last week in the wake of China’s decision to intensify its anti-Bitcoin (BTC) and cryptocurrency rhetoric. UNI price gained 14.90% on Monday to reach an intraday high of $26.26. UNI/USD’s climb came a day after it dropped to a monthly low of $17.63. As a result, it churned out more than 48% profits for the dip buyers within the last 24 hours. Adoption FOMO UNI serves as a governance token inside Uniswap’s decentralized exchange (DEX) ecosystem. As a result, its holders get to vote on matters that help steer the future …
Decentralization / Sept. 27, 2021
yEarn Creator Says Recent Audits Don't Necessarily Mean the Project Is 100% Safe
Andre Cronje, the creator of Yearn.Finance, has recently made security audits of his project publicly available. He explained to Cointelegraph that he had been previously withholding these audits, which were completed months ago, so as to not give users a false sense of security: I always refused to publish the audits because I don't want people to get a false sense of security because of them. Yesterday, Cronje published five audits on the project's GitHub repository. The audits were performed between February and July by leading auditors, such as Certik and Quantstamp. Some of the vulnerabilities that were discovered are …
Technology / Aug. 20, 2020
ImmuneFi report $10B in DeFi hacks and losses across 2021
Decentralized finance, or DeFi, security platform and bug bounty service ImmuneFi published an official report on Thursday which calculated the total volume of losses in the cryptocurrency markets in 2021. According to its report, the company found that losses resulting from hacks, scams and other malicious activities exceeded $10.2 billion dollars over the past year. Responsible for protecting over $100 billion worth of assets for a number of well-established DeFi protocols, including Synthetix, Chainlink, SushiSwap and PancakeSwap, among others, ImmuneFi has regularly facilitating seven-figure pay-outs to whitehat hackers and other good-willed entities for preventing protocol compromises. According to the report, …
Decentralization / Jan. 7, 2022
Aurora pays $6M bug bounty to ethical security hacker through Immunefi
On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly placed over $200 million worth of capital at risk. The sum was paid in collaboration with Immunefi, a leading platform for Web 3.0 bug bounties, with more than $145 million bounties available and over $45 million bounties paid out. On April 26, Immunefi received a report from pwning.eth about a critical flaw in the Aurora Engine that would have enabled the infinite minting of ETH …
Blockchain / June 7, 2022
DeFi security: How trustless bridges can help protect users
Blockchain bridges allow decentralized finance (DeFi) users to use the same tokens across multiple blockchains. For example, a trader can use USD Coin (USDC) on the Ethereum or Solana blockchains to interact with the decentralized applications (DApps) on those networks. While these protocols may be convenient for DeFi users, they are at risk of exploitation by malicious actors. For example, in the past year, the Wormhole bridge — a popular cross-chain crypto bridge between Solana, Ethereum, Avalanche and others — was hacked, with attackers stealing over $321 million worth of wrapped Ethereum (wETH), the largest hack in DeFi history at …
Decentralization / Feb. 18, 2023