A group calling itself “Victims of Ankr Exploit” have claimed that its members lost over 13,000 BNB liquid staking coins (over $4 million worth at the time of writing) as a result of the Dec. 2 Ankr exploit, but have not been adequately reimbursed by the Ankr company. According to a Jan. 19 statement from the group received by Cointelegraph, affected members alleged that they have only received half of the amount they lost. The group has called on Binance’s Chanpeng Zhao (also known as “CZ”) to put pressure on Ankr to get the funds released.
1/4 We, the victims of Ankr exploit, are increasing the reward from 100 BNB to 110 BNB (worth $28700 currently) for the person (including influencers and media) that:
— Alex Soh (@AlexSoh14) January 7, 2023
The group specifically claimed that a reimbursement plan posted by Ankr on Dec. 20 has been unfair to liquidity providers at Wombat exchange. Under this plan, Ankr proposed to “partially cover the loss of stkBNB liquidity providers on Wombat.” Ankr argued that a full reimbursement would be unfair because “the nature of the mixed liquidity pools” on Wombat made it hard to determine how much liquidity providers had lost.
The Ankr exploit victim group admitted that Ankr compensated them with 50% of the BNB lost in the attack, but insisted that it should have compensated them 100%.
The group argued that Ankr has refused to compensate them fully because the stkBNB and BNBx liquid staking tokens lost were competitors to Ankr’s own ankrBNB tokens:
“It is obvious that there is a segregation and discrimination of victims that is unjustifiable. And [a] fact that out of X protocols impacted, only two of them (Stader and pSTAKE), direct competitors of Ankr, see their users discriminated as victims.”
Citing a tweet from ZachXBT, they argued that Ankr has the ability to compensate them fully because it recovered 1,559 ETH (approximately $2.4 million worth at the time of writing) from Huobi Global after the attacker tried to use it to cash out.
The Ankr team responded to these allegations through a Jan. 25 email sent to Cointelegraph. In the email, the Ankr representative stated that the reimbursement plan was “more than generous” to liquidity providers on Wombat. From the company’s perspective, much of the stkBNB and BNBx losses on Wombat were due to poor risk management of these rival staking protocols and illiquidity on Wombat, as they explained:
“50% of all BNBx and stkBNB liquid staking was on Wombat alone due to Stader and pStake incentives. This represents an obvious concentration risk[…]Ankr cannot be held responsible for the lack of risk management of other pools. To put things in context, Ankr paid Wombat pools in all 4x more than the aBNBc TVL we had on Wombat, which is more than generous”
The team argued further that critics of the plan do not understand the “flow of money” that led to the loss of funds, stating:
“We have to comprehend what happened and follow the flow of money. The exploiter sold aBNBc on Wombat against BNB and then against BNBx and stkBNB. Then he sold BNBx and stkBNB on other DEX where there was more BNB liquidity[…]In this story, some people made money.”
The Ankr team also argued that it has not recovered enough funds to compensate users, stating that “criminal investigations are ongoing to recover part of the funds, and the amount we think we can recover is significantly less than what we paid.”
The Ankr BNB staking protocol was hacked on Dec. 2, 2022, and the attacker was able to obtain $5 million in crypto from the attack. On Dec. 21, the company announced that the attack had been carried out by an ex-employee. In the same announcement, it vowed to shore up its security practices and reimburse victims.