Bancor Urges Industry Players to Collaborate After $23.5 Million Hack

Published at: July 10, 2018

On July 9, the decentralized crypto platform Bancor was compromised. The hackers managed to drain over $23 million worth of crypto, part of which has allegedly already been converted into fiat via the instant exchange service Changelly. The Bancor team is collaborating with other industry players to track the stolen funds, and the incident shows how decentralized platforms deal with security breaches. At the same time, some community members have started to question whether Bancor can be considered a decentralized service at all.

What is Bancor?

Bancor was launched in June 2017 after one of the most successful Initial Coin Offerings (ICOs) in history: it gathered around $153 million in Ethereum (ETH) in just three hours during a crowdfunding stage backed by renowned investor Tim Draper, among others. Named after a supranational currency conceptualized by economists John Maynard Keynes and E. F. Schumacher and intended for use in international trade after World War II, the Tel Aviv-based Bancor is a decentralized cryptocurrency platform that essentially allows users to launch their own tokens.

In more detail, the Bancor protocol enables users to issue so-called “smart tokens,” which can hold one or more tokens in reserve and convert them into other tokens with no counterparty. Bancor integrates its own self-titled token (BNT), which can be traded for any of the other tokens supported by the network, and vice versa.

Thus, the smart token contract is its own market maker. As a result, it automatically provides price discovery and liquidity to other coins. In other words, Bancor is an outlet for selling any digital tokens it lists, even if there is no available buyer for them. It is a decentralized system, and, therefore, does not require KYC procedures and — unlike centralized crypto-trading platforms that recently attracted the harsh criticism of ETH creator Vitalik Buterin, who went as far as to wish them to “burn in hell forever” — does not store all user funds in one place, which potentially might attract hackers.

How did it get hacked?

Nevertheless, on July 9, it became subject to a heist, during which the hackers managed to steal roughly $23.5 million worth of crypto — 3,200,000 BNT (worth $10 million), 24,984 ETH (worth approximately $12.5 million) and 229,356,645 NPXS (worth roughly $1 million). The Bancor team confirmed the theft on its Twitter and swiftly froze the stolen BNT tokens, as such an ability was built into the Bancor protocol “to be used in an extreme situation to recover from a security breach,” limiting the total damage to approximately $13.5 million.

As to what made the attack so successful, the Bancor team reported on the morning of July 9 that “a wallet used to upgrade some smart contracts was compromised.” All operations were halted, and the platform went offline. Around 10 hours ago, Bancor representatives assured Cointelegraph that the service would be up within 24 hours. The platform has also given assurances that “no user wallets have been compromised in the attack.”

The heist provoked some community members to question if the platform can be seen as decentralized at all. For instance, Charlie Lee, the creator of Litecoin, wrote on his Twitter:

“A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It's a false sense of decentralization.”

Community collaboration as the key to dealing with hacks

Now, Bancor hopes to track the stolen funds, part of which have been exchanged via the instant conversion service Changelly, as CEO Konstantin Gladych told Cointelegraph in a statement:

“Afterward, the tokens were frozen by the Bancor Foundation in our contract. Now we are helping track the stolen funds.”

Moreover, Bancor’s head of communications, Nate Hindman, informed Cointelegraph that the service is coordinating with a number of industry players to come up with tools and technology that would help the industry cooperate more effectively when hacks occur:

“These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”

When asked whether it is possible to completely prevent these kinds of security breaches, Hindman argued that hacker attacks are becoming more sophisticated, but so is the industry. Hindman also stressed that crypto platforms can outmaneuver hackers through collaborative effort:

“Together we stand in our efforts to create better tools that prevent thieves from committing crimes and utilizing stolen funds, and better processes for analyzing situations and informing users and relevant parties when they occur.”

Meanwhile, the BNT token is down 15 percent, trading for $2.43, according to coinmarketcap.com.
