Attackers used a compromised wallet to steal $12.5 million of ether, $1 million of Pundi X and $10 million of Bancor Network Tokens; Bancor froze the $10 million, kicking off a debate about whether it is (In Reality) a stable decentralized service.
Attackers managed to steal $23.5 million of three different cryptocurrencies from the decentralized exchange Bancor. Although Bancor was able to mitigate the damages down to $13.5 million, the hacker or hackers are still looking at a future in which they could be millionaires. The hack, which was detected on Monday, kicked off numerous debates such as whether Bancor is supposedly a decentralized service. Bancor dubbed itself as a “decentralized liquidity network” and its protocol uses smart token contracts.
As for what allegedly happened, Bancor said no user wallets were compromised, but “a wallet used to upgrade some smart contracts was compromised.” The attackers used the compromised wallet to steal $12.5 million of ether, $1 million of Pundi X and $10 million of Bancor Network Tokens (BNT).
Trying to clarify, Bancor said “The 24,984 ETH, worth roughly $12.5 million, “was stolen out of BNT’s connector balance (much like a reserve). The rest of the stolen tokens were taken from smart contracts that the breached wallet had access to on the network.”
To understand that clarification, Bancor explained that you must understand how smart tokens work. “A Smart Token like BNT has price discovery build into the smart contract. By sending the smart contract ETH (essentially buying BNT), new BNT tokens are issued and ETH is stored in a connected balance. When BNT is sent back to the smart contract (essentially selling BNT), the BNT tokens are destroyed and a proportional amount of ETH is removed from the token’s connected balance and sent to the seller.”
After Bancor realized the theft occurred, it frozen the $10 million in BNT.
“The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.” But the ability to do that is exactly what kicked off a debate whether Bancor should claim to be truly decentralized.
We are close to reactivating the Bancor Network. We appreciate your support and the healthy debate on the balance between security and decentralization that has ensued.
While unable to freeze the other stolen cryptocurrencies, such as the stolen ether Wallet, Bancor is working with “dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.”
The company believes it will soon reactivate the Bancor Network and appreciates the “healthy debate on the balance between security and decentralization that has ensued.”