Ankr, a decentralized Web3 infrastructure provider, admitted this week that the $5 million hack that took place earlier this month was an inside job caused by a former employee.

A malicious actor, on Dec. 2, exploited a smart contract of one of Ankr's staking rewards tokens, aBNBc. The actor exploited the bug in its code that allowed unlimited minting of the token deployed to Binance's BNB Chain.

At the time, the team announced that the exploit was due to the stolen deployer key used to upgrade the smart contracts of the protocol, although they also explained that the deployer key had been stolen.

This week, however, Ankr confirmed that a former employee made the "supply chain attack" by planting the malicious code into a package of future updates on the internal software of the team.

"A former team member (who is no longer with Ankr) acted maliciously to conduct a supply chain attack, inserting a malicious code package that was able to compromise our private key once a legitimate update was made," Ankr said in a blog.

"Unfortunately, internal bad actors can affect any protocol and we are working on shoring up internal HR processes and safety measures to strengthen our security posture going forward," the company added.

The crypto company is currently working with authorities to prosecute the former employee. Ankr also assured its customers that it will reinforce its security and noted that while it did not use multi-sig accounts for ownership in the past, it will do so moving forward.

"The exploit was possible partly because there was a single point of failure in our developer key. We will now implement multi-sig authentication for updates that will require signoff from all key custodians during time-restricted intervals, making a future attack of this type extremely difficult if not impossible. These features will improve security for the new ankrBNB contract and all Ankr tokens," Ankr said.

Apart from that, Ankr also said it will improve its human resource practices and will require heightened background checks of all of its employees, including those who work remotely.

"Ankr will now require escalated background checks for all employees (including all contractors and remote workers) while taking extra measures to verify the current status of those currently working at Ankr. We are also reviewing access rights and taking extra steps to minimize entry to any sensitive systems," the post read.

Moreover, Ankr said it will implement new notification systems to notify them more quickly when something goes wrong.

"The team was able to catch the attack extremely quickly, but we can always work on improving our response time. We are implementing new notifications systems to alert key personnel so they can be online faster during any time of day," Ankr added.

After the exploit earlier this month, Ankr reimbursed customers affected by the hack by airdropping ankrBNB and BNB to DeFi liquidity providers.

bitcoin hacker
bitcoin hack https://news.bitcoin.com/european-bitcoin-exchange-hacked-for-1-4-million-claims-it-cannot-afford-to-repay-users/
Read more