security breach

The Ankr protocol experienced a security breach on December 1, 2020, when a former team member conducted a supply chain attack. This attack involved the malicious insertion of code into a package of future updates to the team’s internal software, which created a security vulnerability allowing the attacker to steal the team’s deployer key from the company’s server. The exploit was caused by a stolen deployer key that was used to upgrade the protocol’s smart contracts. Initially, the Ankr team was unable to explain how the deployer key had been stolen, but with the December 20th announcement, they were able to provide more detail on the incident.

The team has alerted local authorities and is attempting to have the attacker brought to justice. The Ankr team is also working to strengthen their security practices to protect access to their keys in the future. They plan to use a multisig account for ownership of their contracts going forward, as this provides an extra layer of security. In addition, the Ankr team is working to develop better systems for detecting malicious code and other security threats. They are also working with their incident response teams to ensure that they are prepared to respond quickly and effectively to any future incidents.

This will make sure that the HAY stablecoin is still backed one-to-one by USDC.

The exploit was possible because of a single point of failure in the developer key. To prevent this from happening in the future, Ankr plans to implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals. This will make it extremely difficult, if not impossible, for a similar attack to occur in the future.

The company will also improve its human resource practices. All employees, even those who work remotely, will be subjected to “escalated” background checks. Access rights will also be reviewed to make sure that only those who need access to sensitive data can access it. A new notification system has also been implemented to alert the team quickly when something goes wrong.

Overall, Ankr has taken decisive action to ensure the security of the new ankrBNB contract and all Ankr tokens. The implementation of multi-sig authentication and an improved human resource practices will help to make sure that the protocol is secure and that future exploits are prevented. The company is also taking steps to make sure that those who were affected by the exploit are taken care of

 

Previous articleCaroline Ellison, the Chief of Alameda, and Gary Wang of FTX, Plead Guilty to “Fraud” Charges
Next articleTom Brady, Kevin O’Leary, and Coinbase Not Spared from Being Named as Major Creditors in Bankruptcy Filing of FTX
Victor Fields
Started out as a journalist in finance, intrigued by blockchain and have been covering major development of the space since. With strong believe in transparency and mass education, general public deserves the access to information.