Infrastructure provider Ankr released an after-action report announcing the findings from the $aBNBc token exploit.
Ankr said that a former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise its private key once a legitimate update was made. Ankr is in the process of working with law enforcement to prosecute the former team member and bring them to justice.
In addition, Ankr is implementing several improvements to its security posture, including requiring multi-sig authentication and timelocks for all updates, revamping internal security measures, implementing new monitoring and notification systems, and refining procedures for working with DeFi protocols.
Infrastructure
