Ankr & Helio Protocol Hack
Summary
On December 1–2, 2022, a former Ankr employee carried out a supply chain attack that compromised the protocol's deployer private key, enabling the minting of trillions of aBNBc tokens and the draining of approximately $5 million in liquidity. Hours later, a separate attacker exploited Helio Protocol's slow price oracle to borrow $16.4 million in HAY stablecoin against nearly worthless aBNBc collateral, ultimately netting around $15.5 million. Combined losses exceeded $20 million, making it one of the most significant DeFi insider-threat incidents of 2022.
Connected Entities
1 entities · 10 linked investigationsTimeline(11 events)
2022-12-01
Former Ankr employee's previously inserted malicious code extracts the deployer private key from Ankr's internal server. The attacker uses the key to deploy a modified aBNBc contract with an unauthorized minting function.
CoinDesk: Ankr ex-employee disclosure2022-12-02
At approximately 00:35 UTC, PeckShield detects anomalous aBNBc minting. Attacker mints approximately 6 quadrillion aBNBc tokens and dumps them on BNB Chain DEXes, netting roughly $5 million in USDC before bridging to Ethereum. aBNBc price falls 99.5% to under $2.
Ankr Blog: The aBNBc Token Report2022-12-02
A second attacker purchases 183,885 aBNBc tokens on 1inch for ~10 BNB (~$2,879), deposits them into Helio Protocol, and borrows 16,444,740 HAY (~$16.4M) via a stale price oracle. HAY is swapped for ~15.5M BUSD and transferred to Binance.
CoinDesk: How Attackers Made $15M From Helio After Ankr Exploit2022-12-02
Ankr confirms the exploit publicly and asks exchanges to halt trading of aBNBc. Binance CEO Changpeng Zhao announces Binance has frozen approximately $3 million of stolen funds.
The Record: Binance freezes $3M from Ankr hack2022-12-02
HAY stablecoin de-pegs to $0.20. Helio Protocol pauses all operations and initiates a HAY buyback program. Ankr announces $5M compensation plan for affected liquidity providers.
BeinCrypto: BNB-Based HAY Destablecoin Loses Peg Following Ankr Exploit2022-12-05
Ankr discloses formal reimbursement plan for affected users, specifying compensation only for liquidity providers 'caught off guard' — not for traders who purchased aBNBc after the exploit became public.
CoinTelegraph: Ankr says no one should trade aBNBc2022-12-09
Ankr airdrops ankrBNB tokens to prior aBNBc and aBNBb holders based on December 2 snapshot. aBNBc and aBNBb tokens are officially discontinued.
Ankr Blog: Recovery Program Targets and Milestones2022-12-12
Ankr completes BNB airdrops to affected DeFi liquidity pool participants. Ankr deploys $15M additional recovery fund directed at Helio's bad debt, purchasing excess HAY.
FinanceFeeds: Ankr airdrops new tokens, bought 6.8M HAY to ease bad debts2022-12-20
Ankr publicly discloses that a former team member conducted the attack via a supply chain exploit, inserting malicious code into an internal software update to steal the deployer key. Ankr states law enforcement has been alerted.
CoinDesk: DeFi Protocol Ankr Says Ex-Employee Caused $5M Exploit2023-07-04
Helio Protocol announces a strategic merger with Synclub, a BNB Chain liquid staking provider, beginning the transition toward a new brand identity.
Lista DAO Medium: Helio & Synclub Merger2024-02-06
Helio Protocol and Synclub officially relaunch as Lista DAO. HAY is renamed lisUSD, SnBNB is renamed lisBNB, and HELIO governance token is renamed LISTA.
Lista DAO X announcementDecision Log
- hash: 5EiEH3B84RhvaXyyFygVA4khPXgdmsR3jk7yd3M7aNVR
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 6:58:45 AM
last updated: 5/31/2026, 6:58:49 AM
avoid.net — verified advice for a post-truth world