Ankr, a DeFi protocol built on BNB-Chain, suffered a token exploit on Wednesday.

On Dec. 1, Ankr said its aBNB token had been exploited and it was working with exchanges to immediately halt all trading activity. The exploit appears to be limited to Ankr’s BNB staking token, with the platform stating that all other assets on Ankr Staking are safe at this time.

 

The Ankr Reward Bearing Staked BNB (aBNBc) token lost 99% of its value after the exploit, falling to a low of $1.52 from ahead of $300 before the attack. Ankr’s native token ANKR was also trading 6% lower at the time of writing.

On-chain analysts caught the exploit around an hour before Ankr confirmed the attack. Blockchain wallet tracker Lookonchain reported that an exploiter minted 20 trillion aBNBc tokens and then immediately sold it on decentralized exchange PancakeSwap.

 

 

The attacker exchanged over $5 million worth of stablecoin USDC, data from Etherscan shows. The wallet address, now labelled Ankr Exploiter, has already transferred 900 BNB to coin mixer Tornado Cash.

Some arbitrageurs took advantage of panic selling in other unaffected BNB tokens that followed immediately after the aBNBc exploit. The aBNBx token, native to liquid staking solution Stader built on the BNB Chain, briefly lost 50% of its value following the exploit.

One trader that noticed the discrepancy in price, knowing that it was not in fact an exploit, claimed to have made five times their money within minutes.