Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

frontend dns hijackDemo

Jun 27, 2022 · $11.1M · frontend

Narrative

On 2022-06-27, Ankr suffered a frontend dns hijack incident resulting in approximately $11,084,749 in losses. The exploit targeted the frontend layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
frontend_dns_hijack
Secondary causes
Attack layer
frontend
Strategy
tech_vuln
Actor role
target
Attribution
dprk_lazarus
Attacker address
0x60ca9af7c4aa8e911e2793c4ed147957c157ca98
Flash loan
no
Audited at time
yes
Bounty at time
yes

AADAPT mappings

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0008DEMO:AADAPT.T1071.001DEMO:AADAPT.T1583.001

Evidence

Disclosure date
Jun 28, 2022
Funds recovered
Audit firms at time
Spearbit
Post-mortem URLs (synthetic)
  • https://medium.com/ankr/post-mortem-ankr-2022-06-27
tx hashes (4)
  • 0x11b7992d7bb85cb8f965b84d2f336adac575ea674f97e640ee73efacf6a04d65
  • 0x356b35c66c0908e6fc69155610cb64c20d56a86a0a724a11dfa289208e9c8f03
  • 0x656b14571c10715e53d451bf0866443781eca6c40e518cf99de80496d6d3584d
  • 0x943bb3b5a8570e7de9089e700dfb7a8f819fd77e0856e9edd39cc0809ece173f