Ankr (aBNBc) + Helio Money (HAY stablecoin): Deployer private key compromise → malicious aBNBc contract upgrade → permissionless infinite mint → PancakeSwap pool drain + Helio collateral collapse
Summary
On 2022-12-02, Ankr (aBNBc) and Helio Money (HAY stablecoin) suffered an incident in the Liquid Staking + Stablecoin category (dependent protocol cascade), resulting in a loss of approximately $5M.
What happened
A compromised Ankr deployer key triggered a malicious aBNBc upgrade that minted 60 trillion tokens — but liquidity was so thin only $5M escaped, while a secondary attacker used the worthless tokens to drain $15M from Helio's stablecoin protocol.
Linked factors
- RD-F-001 — causal : ★ Audit scope mismatch — alternate field name [via dashboard_risk_factors/Exploited code in scope?: No — deployer key compromise is an operational security failure, not a code vulnerability]
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — malicious upgrade was deployed during the attack]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — aBNBc price crashed; Helio's oracle failed to update fast enough (secondary exploit)]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — malicious proxy upgrade was the root cause action]