banner
Bancor hacked, and its funds frozen
Bancor hacked, and its funds frozen
Blockchain

Bancor hacked, and its funds frozen

By Aneta Karbowiak - 10 Jul 2018

Chevron down
Listen this article
download

Complaints from users keep on rising about Bancor Exchange’s funds frozen.

And to think that a few days ago Vitalik Buterin’s position had caused quite the ruckus: “I would like all centralized exchanges to burn in hell”.

The creator of Ethereum had also proposed DEX as the best alternative. A few hours later, however, a decentralized exchange suffered a hacker attack.

Yesterday morning, in fact, Bancor announced on Twitter that the site would be under maintenance, except to add then a news on the hacker attack:

“This morning (CEST) Bancor has suffered a security breach. No user wallets have been compromised. To complete the investigation, we have moved on to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible. “

funds frozen

Within a few hours, the price of the BNT token fell 20%. The price fluctuated around the monthly highs of $ 3.24, but the news brought it down to 2.51 $.

Social media users have started posting the account addresses on which the funds stolen by Bancor have been deposited. It turns out that hackers have managed to steal more than 25,000 ETHs, 2.5 million BNTs.

Bancor then published an official statement in which he confirmed the attack.

The hacker managed to enter the wallet dedicated to the upgrade of some smart contracts.

“A wallet used to update some smart contracts has been compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH (~ $ 12.5 million). The same wallet also stole:

229,356,645 NPXS (~ $ 1M) and 3,200,000 BNT (~ $ 10 million) “

But what created controversy was not so much the hacker attack itself as the fact that Bancor announced the freezing of the stolen BNT tokens.

“Once the theft was identified, we were able to freeze the stolen BNTs, limiting the damage to Bancor’s ecosystem from the theft.”

The ability to freeze tokens has been incorporated into the Bancor protocol to be used in an extreme situation like yesterday.

This feature allows the company to “recover from a security breach, allowing Bancor to effectively stop the thief from escaping with the stolen tokens.”

It was not possible to freeze ethereum and NPXT tokens, but communication with other cryptocurrency exchanges was established to track the funds and make the withdrawal from hackers more difficult. However, it has been repeatedly reiterated on various social media that user funds are safe and have not been compromised by the attack.

The accusation against DEX

The influential figures in the industry have accused Bancor of not being a decentralized exchange, considering his ability to exercise a central power that he expressed in freezing the tokens.

The creator of DogeCoin wrote: “The key thing here is not the hack itself: it’s the fact that the Bancor team has had the opportunity to freeze the funds. How many other decentralized DApps have a centrally controlled built-in kill switch? “

https://twitter.com/ummjackson/status/1016455890294091776

Palmer adds that even Kyber Network, another decentralized exchange, has incorporated a function that allows the network to be stopped

https://twitter.com/ummjackson/status/1016457850145550336

Charlee Lee of Litecoin wrote: “A Bancor wallet has been hacked and that wallet has the ability to steal tokens from its smart contracts. An exchange is not decentralized if it can lose customers ‘funds or if it can freeze customers’ funds. Bancor can do BOTH. It’s a false sense of decentralization. “

Bancor’s defense

Bancor defends itself by saying that the ability to block tokens to recover from a breach of security has always been public and is only enabled in extreme cases such as a hacker attack and that precautions were taken already last year when Yudi Levi Bancor’s CTO decided to draw conclusions from the DAO attack and implement additional security regulations to prevent this type of attack.

Omri Cohen from the Bancor team told Telegram yesterday: “BNT is still being managed by the Bancor Foundation. Releasing a new token standard on a blockchain that does not support upgradeable smart contracts is incredibly dangerous without some level of control. We have learned the dangers of what happened in the DAO hack. Full decentralization is the purpose, not the beginning. “

Nate Hindman, head of communications, told Cointelegraph that hackers are becoming “more mature and sophisticated along with industry and projects’’ , but that collaboration between cryptocurrency exchanges could eradicate cybercriminals: “Together we stand in our efforts to create better tools that prevent thieves from committing crimes and utilizing stolen funds, and better processes for analyzing situations and informing users and relevant parties when they occur.”

Bancor’s ability to freeze tokens to recover from a security breach has always been public.
It is nothing new or secret.

The ecosystem is still in its beta phase and until it is fully tested and stable, it is a good practice to keep smart contracts upgradable in case of critical bugs and equipped with a security switch in case of attacks Bancor smart contract automaically upgrades in two years (3 from luanch) to is immutable state.

Other tokens that include the freeze function are EOS, Tron, OmiseGo, Augur, Icon, Aelf, Qash, Enigma and Maker.

The world of cryptocurrencies is increasingly implementing these freeze techniques to have the possibility to limit the damage created by hackers and the opinion on the legitimacy of these backdoors are divided.

Considering, however, the growing number of teams that choose this option, this type of user protection could become a fairly common practice in the blockchain world.

“Since there is no effective decentralized governance, STILL, the smartest way to launch anything decentralized is to be on the road to decentralization, with an appreciation for today’s shortcomings.”

 

Aneta Karbowiak
Aneta Karbowiak

Graduated in Biology from the University of Genova, she was soon interested in the development of mobile applications and chatbots. She entered the publishing world as manager of an English sports website where she managed a team of ten people. Passionate about blockchain technology and cryptocurrencies, she began writing for Qubithacker.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.