← Ankr3 decisions on this page

Audit log

Every state-changing event for Ankr: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-28 16:29:12Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,756,724
sig
4fnUf8ERbZqB…NQfNjPcfexplorer ↗
hash
44EDSHq2t28n…NSfTxDYSsha256 → base58
verifying row…full verify ↗
canonical bytes (6628 B) ▸
{"actor":"system:backfill","investigation_id":"7a1254db-5cf5-448b-99b9-e773bf1ae9ee","kind":"publish","page_slug":"ankr","published_at":"2026-05-28T16:29:12.313Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Ankr","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://kriptomat.io/cryptocurrencies/ankr/what-is-ankr/","type":"other","url":""},{"credibility":3,"name":"https://www.ankr.com/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ankr.com/blog/after-action-report-our-findings-from-abnbc-token-exploit/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/ankr-confirms-exploit-asks-for-immediate-trading-halt","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/ankr-helio-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-ankr-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/21/defi-protocol-ankr-says-ex-employee-caused-5m-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/ankr-helio-rekt","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/ankr-deploys-15m-to-make-whole-users-as-helio-stablecoin-recovers-after-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2022/12/03/helio-protocol-exploited-for-15m-after-ankr-exploit/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/bnb-based-hay-destablecoin-loses-peg-ankr-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ankr.com/blog/after-action-report-our-findings-from-abnbc-token-exploit/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/21/defi-protocol-ankr-says-ex-employee-caused-5m-exploit","type":"other","url":""},{"credibility":3,"name":"https://blockworks.co/news/ankr-confirms-5m-crypto-hack-was-an-inside-job","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/ankr-exploit-victims-group-alleges-the-company-only-reimbursed-them-50","type":"other","url":""},{"credibility":3,"name":"https://zycrypto.com/ankr-reveals-compensation-plan-for-users-affected-by-5-million-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.ankr.com/blog/the-details-of-ankrs-bnb-exploit-relief-efforts-and-our-stance-on-compensation/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2022/12/02/defi-protocol-ankr-exploited-for-over-5m","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ankr.com/blog/after-action-report-our-findings-from-abnbc-token-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.ankr.com/blog/ankr-2025-wrap-up/","type":"other","url":""},{"credibility":3,"name":"https://www.ankr.com/blog/ankr-approach-to-safety-risk-and-protecting-our-community/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/ankr-says-ex-employee-caused-5m-exploit-vows-to-improve-security","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://zachxbt.mirror.xyz/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@investigationsbyzachxbt","type":"other","url":""}]}],"sources_used":[],"summary":"Ankr is a Web3 infrastructure and liquid staking protocol founded in 2017, providing RPC endpoints for over 75 blockchains and BNB Chain-based liquid staking products. In December 2022, a former employee executed a supply chain attack that compromised Ankr's private deployer key, enabling unlimited minting of aBNBc tokens and resulting in approximately $5 million in direct losses, with cascading secondary losses of roughly $19 million through Helio Protocol's HAY stablecoin depeg. Ankr subsequently compensated affected users, implemented multi-signature controls, and continues to operate, though questions persist over the completeness of user reimbursement.","timeline":[{"date":"2017-01-01","event":"Ankr founded by Chandler Song, Ryan Fang, and Stanley Wu.","source":""},{"date":"2019-03-01","event":"ANKR token launched via ICO on Binance Launchpad, raising approximately $18.7 million.","source":""},{"date":"2019-01-01","event":"Ankr mainnet released.","source":""},{"date":"2020-01-01","event":"Ankr launches Stkr liquid staking protocol, introducing aBNBc and related derivatives.","source":""},{"date":"2022-12-01","event":"Former Ankr employee's malicious supply chain code activates upon a legitimate software update, exfiltrating the deployer private key.","source":""},{"date":"2022-12-02","event":"Attacker deploys malicious aBNBc contract and mints approximately 60 trillion aBNBc tokens. PeckShield flags exploit at 12:35 UTC. Approximately $5 million extracted via PancakeSwap and bridged to Ethereum. aBNBc price crashes ~99.5%.","source":""},{"date":"2022-12-02","event":"Secondary exploit against Helio Protocol: attackers use collapsed aBNBc as collateral to drain approximately $15.5 million from Helio's HAY stablecoin pool via an unupdated price oracle. HAY depegs to $0.20.","source":""},{"date":"2022-12-02","event":"Approximately 3,360 ETH laundered through Tornado Cash; additional 900 BNB sent through Tornado Cash.","source":""},{"date":"2022-12-02","event":"Ankr issues public statement confirming exploit, requests trading halt on aBNBc, announces compensation plan.","source":""},{"date":"2022-12-21","event":"Ankr formally attributes attack to a former team member, announces law enforcement referral, and details new multi-signature security controls.","source":""},{"date":"2023-01-01","event":"Victims group publicly alleges Ankr provided only 50% reimbursement to users affected through Stader and pStake protocols.","source":""},{"date":"2024-01-01","event":"Ankr's Asphere enterprise arm achieves SOC 2 Type 1 compliance.","source":""},{"date":"2025-01-01","event":"Ankr's Asphere achieves SOC 2 Type 2 compliance. No public confirmation of prosecution of the former employee has been reported.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision e83dfcdc-3426-4af3-9f82-5222aa33c59b
#2reviewby reviewerreviewer
2026-06-14 23:16:00Z
Score: 38 → 38 (no score change)
Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Ankr is a legitimate, operating Web3 infrastructure company founded in 2017 that suffered a material insider attack in December 2022 when a former employee executed a supply chain exploit. The company responded by compensating the vast majority of affected users at 100% (17 of 19 protocols), implementing multi-signature security controls, and continuing to grow its enterprise infrastructure business (SOC2 Type 1 achieved 2024, Type 2 in progress). There is no evidence of fraud, exit scam, Ponzi mechanics, or regulatory enforcement. The current score of 38 (WARNING band) is over-penalized: it conflates Ankr being a victim of an insider crime with Ankr being a fraudulent operator, and it partially attributes Helio Protocol's separate architectural vulnerability to Ankr's culpability. The unresolved material caveats — a narrow partial-compensation dispute with a subset of LP users, no public prosecution confirmation, and a single historical insider-attack — appropriately place Ankr in CAUTIONARY (50-69) rather than WARNING. A score of 58 reflects the serious but resolved nature of the incident, the company's substantive compensatory response, and its continued operation as a credible infrastructure provider.
anchoranchored
chain
●mainnet-betaslot 426,514,522
sig
5tB4SCXHNujU…xHTsSXXvexplorer ↗
hash
AqrHcu4zqecH…hYc33RRzsha256 → base58
verifying row…full verify ↗
canonical bytes (1706 B) ▸
{"actor":"reviewer","decided_at":"2026-06-14T23:16:00.536Z","decision":"review","investigation_id":"7a1254db-5cf5-448b-99b9-e773bf1ae9ee","new_score":38,"page_slug":"ankr","prev_score":38,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Ankr is a legitimate, operating Web3 infrastructure company founded in 2017 that suffered a material insider attack in December 2022 when a former employee executed a supply chain exploit. The company responded by compensating the vast majority of affected users at 100% (17 of 19 protocols), implementing multi-signature security controls, and continuing to grow its enterprise infrastructure business (SOC2 Type 1 achieved 2024, Type 2 in progress). There is no evidence of fraud, exit scam, Ponzi mechanics, or regulatory enforcement. The current score of 38 (WARNING band) is over-penalized: it conflates Ankr being a victim of an insider crime with Ankr being a fraudulent operator, and it partially attributes Helio Protocol's separate architectural vulnerability to Ankr's culpability. The unresolved material caveats — a narrow partial-compensation dispute with a subset of LP users, no public prosecution confirmation, and a single historical insider-attack — appropriately place Ankr in CAUTIONARY (50-69) rather than WARNING. A score of 58 reflects the serious but resolved nature of the incident, the company's substantive compensatory response, and its continued operation as a credible infrastructure provider.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 014ed1e0-a1a2-4c52-8ffb-34761eafa53c
#3review approveby judgejudge
2026-06-14 23:16:00Z
Score: 38 → 58 (+20)
This is a severity-calibration adjudication. The reviewer found zero disputed claims (disputed_pct = 0%) and confirmed all six claim_findings as supported. Ankr suffered an insider supply chain attack by a former employee in December 2022 — it was not a fraudulent operator. The current score of 38 (WARNING band) over-penalizes the entity by attributing Helio Protocol's separate oracle vulnerability (claim_findings[2], ~$15–15.5M in Helio losses) as Ankr's direct culpability, and by understating that 17 of 19 affected protocols received 100% compensation (claim_findings[1]). The remaining caveats — a narrow 50% partial-reimbursement dispute with Stader/pStake LP users and no confirmed prosecution — are real but do not rise to WARNING severity for a company with no regulatory enforcement (claim_findings[4]) and active legitimate operations serving 80+ blockchains (claim_findings[5]). A score of 58 in the CAUTIONARY band correctly reflects the serious-but-resolved nature of the incident. Reviewer confidence was 0.82; this verdict is consistent with that confidence level.
anchoranchored
chain
●mainnet-betaslot 426,514,528
sig
2KBfrv1mCqFt…Lyy7kGBFexplorer ↗
hash
9e9TDMXKDRbn…PbW1hKVpsha256 → base58
verifying row…full verify ↗
canonical bytes (1430 B) ▸
{"actor":"judge","decided_at":"2026-06-14T23:16:00.536Z","decision":"review_approve","investigation_id":"7a1254db-5cf5-448b-99b9-e773bf1ae9ee","new_score":58,"page_slug":"ankr","prev_score":38,"reason":"This is a severity-calibration adjudication. The reviewer found zero disputed claims (disputed_pct = 0%) and confirmed all six claim_findings as supported. Ankr suffered an insider supply chain attack by a former employee in December 2022 — it was not a fraudulent operator. The current score of 38 (WARNING band) over-penalizes the entity by attributing Helio Protocol's separate oracle vulnerability (claim_findings[2], ~$15–15.5M in Helio losses) as Ankr's direct culpability, and by understating that 17 of 19 affected protocols received 100% compensation (claim_findings[1]). The remaining caveats — a narrow 50% partial-reimbursement dispute with Stader/pStake LP users and no confirmed prosecution — are real but do not rise to WARNING severity for a company with no regulatory enforcement (claim_findings[4]) and active legitimate operations serving 80+ blockchains (claim_findings[5]). A score of 58 in the CAUTIONARY band correctly reflects the serious-but-resolved nature of the incident. Reviewer confidence was 0.82; this verdict is consistent with that confidence level.","score_delta":20,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision db2543a8-e14a-4929-8f72-3a67ddf529f5

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.