https://medium.com/@numencyberlabs/ankr-attacked-event-analysis-d9582b176056
On December 2, Numen Cyber Labs discovered through on-chain data monitoring that the aBNBc project had been hacked. A large number of additional-issuance transactions took place, and a large number of aBNBc tokens were issued. At present, part of the aBNBc issued by the hacker has been exchanged for BNB through PancakeSwap, and the rest remains in the wallet. The hacker transferred funds through Tornado.Cash: Proxy. The attack drained the liquidity pool of aBNBc tokens, and the token price was cut in half. Other attackers used the newly issued aBNBc tokens as collateral for loans, causing losses to the lending platform.
Analysis of multiple transactions shows that the callers were different addresses, and every call resulted in tokens being issued. We found that the contract had been upgraded before the project was attacked, and that the issuance functions in the new logic contract did not perform a permission check.
Proxy contract address:
https://www.bscscan.com/address/0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A
Logic contract address:
https://www.bscscan.com/address/0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4
Hacker address:
https://bscscan.com/address/0xf3a465C9fA6663fF50794C698F600Faa4b05c777
Logic contract update transaction:
https://bscscan.com/tx/0xcbc5ff4a6c9a66274f9bde424777c3dc862ab576e282fbea3c9c2609ca3e282b
Attack transaction:
https://www.bscscan.com/tx/0x61e0f3f0dc5cc84f0547799ebb19515ce5f5d20c0b57442135263bcb1b506812
Attacked logic contract code fragment
The hacker called function 0x3b3a5522 of the logic contract through the proxy contract 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A. This function performs no authorization check, so aBNBc tokens were issued.
After the attack, the project team updated the logic contract address
After the attack, the project team updated the logic contract again; in the updated logic contract, the mint function checks permissions.
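A monitoring check for the condition described above, as an added example that is not part of the original analysis or the project's code. It flags direct calls to selector 0x3b3a5522 on the proxy from senders outside an allow-list, and goes slightly beyond the text by also flagging any ERC-20 mint event (Transfer from the zero address) emitted by the proxy. The allow-list, the transaction record layout and all sample transactions are constructed assumptions.

```python
from collections import defaultdict

PROXY = "0xe85afccdafbe7f2b096f268e31cce3da8da2990a"  # aBNBc proxy address from the article
MINT_SELECTOR = "0x3b3a5522"                          # function selector named in the article
# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 Transfer event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO_TOPIC = "0x" + "00" * 32                         # `from` = zero address means a mint
# Assumption: the operator knows which addresses may mint (constructed placeholder here).
AUTHORIZED_MINTERS = {"0x" + "aa" * 20}

def is_mint_log(log):
    """True if the log is a Transfer from the zero address emitted by the token proxy."""
    topics = log["topics"]
    return (log["address"].lower() == PROXY and len(topics) == 3
            and topics[0] == TRANSFER_TOPIC and topics[1] == ZERO_TOPIC)

def find_unauthorized_mints(txs):
    """Map each non-authorized sender to the hashes of its minting transactions."""
    alerts = defaultdict(list)
    for tx in txs:
        sender = tx["from"].lower()
        if sender in AUTHORIZED_MINTERS:
            continue
        direct_call = (tx["to"].lower() == PROXY
                       and tx["input"].lower().startswith(MINT_SELECTOR))
        # Also catch mints reached indirectly (through another contract).
        minted = any(is_mint_log(log) for log in tx["logs"])
        if direct_call or minted:
            alerts[sender].append(tx["hash"])
    return dict(alerts)

def _pad(addr):  # left-pad a 20-byte address to a 32-byte topic
    return "0x" + "00" * 12 + addr[2:]

# Constructed sample transactions (illustrative, not real chain data).
MINTER, B, C, ROUTER = ("0x" + x * 20 for x in ("aa", "bb", "cc", "dd"))
MINT_LOG = {"address": PROXY, "topics": [TRANSFER_TOPIC, ZERO_TOPIC, _pad(B)]}
MOVE_LOG = {"address": PROXY, "topics": [TRANSFER_TOPIC, _pad(B), _pad(C)]}
SAMPLE_TXS = [
    {"hash": "0x01", "from": MINTER, "to": PROXY, "input": MINT_SELECTOR + "00" * 64, "logs": [MINT_LOG]},
    {"hash": "0x02", "from": B, "to": PROXY, "input": MINT_SELECTOR + "00" * 64, "logs": [MINT_LOG]},
    {"hash": "0x03", "from": C, "to": ROUTER, "input": "0x12345678", "logs": [MINT_LOG]},
    {"hash": "0x04", "from": B, "to": PROXY, "input": "0xa9059cbb" + "00" * 64, "logs": [MOVE_LOG]},
    {"hash": "0x05", "from": B, "to": PROXY, "input": MINT_SELECTOR + "00" * 64, "logs": [MINT_LOG]},
]

if __name__ == "__main__":
    for sender, hashes in find_unauthorized_mints(SAMPLE_TXS).items():
        print(f"ALERT unauthorized mint by {sender}: {hashes}")
```

Several distinct senders appearing in the result at once matches the pattern the analysis reports: different callers all succeeding in issuing tokens.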
The updated address of the logic contract:
https://www.bscscan.com/address/0x9e6616089e3d78faa9b6a1361b67e562c1600871
Token flow direction
The hacker has exchanged the newly issued aBNBc for BNB and transferred it out; the remaining large amount of aBNBc is still in the wallet.
Summary
The main cause of this attack is that the issuance functions in the logic contract had no permission check after the contract upgrade, and hackers used this vulnerability to issue additional tokens. Whether the upgraded logic contract code had undergone a security audit and testing, or whether the hacker performed the upgrade using a leaked private key, is still under investigation, and no conclusion has been reached yet.