Bancor Suffers Security Breach And $13.5 Million Worth Of Tokens Stolen
Bancor, a decentralized exchange and token creation platform went offline on July 9 at around 00:00 UTC after it suffered a security breach.
It was initially feared that the platform may have been hacked and maybe lost funds in the region of several hundred million.
It has since been reported that a total of $13.5 million in cryptocurrency was stolen after a smart contract wallet was compromised.
The first indicator that something was amiss with the platform was a post on Twitter that its web app would be undergoing maintenance.
About three hours later, the platform posted an update, this time acknowledging that the network had suffered a breach. It further stated that the network would remain in maintenance as investigations began.
More importantly, the team asked the community to be patient and that they’d be releasing a detailed statement on what had happened.
When it came, the statement said in part:
“A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH (~$12.5M). The same wallet also stole 229,356,645 NPXS (~$1M) and 3,200,000 BNT (~ $10M).”
$13.5 million stolen through Changelly
Bancor’s update says that even though a total of $23.5 million in cryptocurrency was affected, only $13.5 million worth of crypto was stolen by the attackers.
Once it was confirmed that indeed the network had been attacked and that theft had taken place, the platform froze all the stolen Bancor tokens (BNT) and starting working with exchanges and partners.
This in effect helped to limit the damage arising from the attack. The team confirmed that:
“the ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach.”
According to the platform, it was all they needed to do to prevent the thieves from taking off with the Bancor Tokens (BNT). However, that’s as far as they’d go.
Nothing similar could be done with regard to the stolen Ether (ETH) or Pundi X (NPXS) tokens as “[I]t is not possible to freeze the ETH or any other stolen tokens.”
User funds are safe
The Bancor team has reiterated that users on the platform shouldn’t be worried. According to a tweet sent out roughly fifteen hours after the breach, the platform has said that:
“no user wallets have been compromised in the attack.”
The safety of user funds is of the highest priority, a reassurance that everything is under control paramount at this time.
Many have wanted to know if their investments were safe. It’s so after a spate of security breaches and attacks targeting centralized exchanges throughout the year.
Incidentally, the Bancor attack came just a day after the platform had posted on twitter that they agreed with Ethereum founder Vitalik Buterin that decentralized exchanges presented a better solution for blockchain and value exchange.
It came after Vitalik had criticized centralized exchanges.
“Burning in hell” is a bit extreme, but we do agree with @VitalikButerin that #decentralized solutions — such as Bancor — are the future of #blockchain and value exchange
Centralized exchanges have been criticized for being too exorbitant in what they charge to list tokens.
They have also been blamed for being partisan, often using their platforms to elevate a few coins, creating “bigger coins” compared to those not listed.
It has also led to debate whether cryptocurrency needed centralized exchanges or whether they could be utilized alongside decentralized exchanges (“DEX”).
However, one clear advantage of a DEX is that it allows its users to be in charge of their crypto.
Users control their private keys and thus retain ownership to their crypto. It thus helps to avoid too much damage in case of a breach.
Binance recent Syscoin (SYS) hack
A recent compromise on the top crypto exchange Binance saw it create a user fund dubbed SAFU (Secure Asset Fund for Users).
Investigations are ongoing. The Bancor platform remains offline for now and that the team is working with exchanges to ensure that the stolen funds aren’t used by the attackers.
Update on the Bancor situation and hack
An earlier message had asked the community to be patient as the team was “now working with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.”
A statement released by the team hours after the attack has stated that everything is being done to get things back to normalcy.
The platform has also revealed that they will do all they can to get those involved apprehended. Part of the statement meant to update and reassure the community reads:
“We take the incident very seriously. We are committing every resource to resolve it, getting the network back online and tracking down the criminals involved.”
It has been reported that the cause of the breach may have been and that the vulnerability has been removed.
The team has exuded confidence that it’s going back online within the next few hours. They have also promised to continue giving updates “as and when appropriate”.
These updates will be posted on the official Twitter account as well as Telegram channel.
What’s the Bancor Network (BNT)
Bancor network is a blockchain-based decentralized liquidity platform. The network aims to provide users with an easy, cheaper means to buy and sell cryptocurrencies and tokens.
It also has smart contract functionality that allows users to convert one token to another without the need for an exchange.
The attack has occurred over a year since it completed one of the best initial coin offerings ever.
In 2017, Bancor became one of the top projects to raise millions worth in funding on the Ethereum platform.
The team had managed to raise a total of $153 million within hours. The team went ahead to implement the project that has sought to serve as a decentralized exchange as well as a platform for creating new tokens.
Has the attack affected the Bancor token (BNT)
BNT currently trades at about $2.61 against the US dollar. Data at crypto ranking site CoinMarketCap shows that the token has declined in value by over 14 percent in the last 24 hours. That also takes it further into the red territory over the week.
BNT/USD is currently over 16 percent down in the last 7 days. The token dropped from a high of $3.25 against the US dollar to trade at the current prices.
The crypto has a market cap of $132 million and has seen about $63 million worth of BNT traded in the last 24 hours.
It’s not very clear what the extent of the damage will be, but the belief is that the incident will not have an extended impact on the coin’s value.