The team behind DeFi protocol Ankr said that a former employee was responsible for a $5 million exploit on its aBNBc token.

In a Dec. 21 blog post, Ankr’s team said that an ex-employee acted maliciously to conduct a supply chain attack by inserting a malicious code package that compromised its private keys.

“We are in the process of working with law enforcement to prosecute the former team member and bring them to justice,” said the team. 

The company also plans to shore up its HR processes to prevent security threats from internal bad actors in the future. Future updates will also require multi-sig authentication and timelocks, they said. 

The exploit in question took place on Dec. 1 when the exploiter minted 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) tokens and cashed out $5 million USDC on decentralized exchange PancakeSwap.

The aBNBc token lost nearly all of its value within minutes of the exploit, falling from $300 to $1.52.

Immediately after the exploit, Ankr asked both centralized and decentralized exchanges to halt all trading activity in the token. The team then identified all token holders and airdropped them a new ankrBNB token that was created to compensate victims and continue operations.  

The DeFi protocol also had to work on re-stabilizing the price of HAY, a decentralized stablecoin on aBNBc’s borrowing platform Helio.

“We will continue purchasing HAY if the token remains unpegged until all funds are spent,” said the Ankr team.

The Helios team said that protocol functions have now resumed, but liquidations will remain paused until users adjust their debt position.