Bancor

Bancor Hack - July 9, 2018

Overview

At the beginning of July 2018, hackers stole approximately $23.5 million in cryptocurrency from the 'decentralized' crypto exchange Bancor (got away with about $13M after recovery efforts). The hack took place on July 9 at 00:00 UTC.

What Was Stolen

The attempt included $12.5 million in Ethereum along with BNT and NPXS tokens totaling $11 million. More specifically, the hackers managed to steal roughly $23.5 million worth of crypto:

• 3,200,000 BNT (worth $10 million)

• 24,984 ETH (worth approximately $12.5 million)

• 229,356,645 NPXS (worth roughly $1 million)

How the Attack Occurred

According to Bancor, a wallet used to update some smart contracts was breached and used to withdraw the cryptocurrency. The compromised wallet granted the attacker access to updating the smart contracts responsible for converting user funds. Bancor says the hacker used this access to withdraw 24,984 Ether (ETH) coins (~$12.5 million) from Bancor smart contracts and sent the Ether to his own private wallet.

Response and Mitigation

Bancor was able to block the transfer of $10M of BNT, Bancor's native digital currency. Bancor immediately created a coalition with Changelly, through which the hackers tried to withdraw funds. This security breach forced the firm to shut down operations.

Controversy Over Decentralization

The hack sparked significant debate about Bancor's decentralization claims. A crucial detail is that Bancor was able to quickly stem losses in the cryptocurrency it created and issued. Included in the Bancor code is a mechanism that allows the company the ability to freeze movements of the BNT token. Critics argued this contradicted claims of being truly decentralized.

Sources

• Lazarus Bluenoroff Bancor Research - GitHub

• Bancor Exchange Hack - Apriorit

• Bancor $13.5M Hack - CoinDesk

• Bancor Hack - TechCrunch

• Bancor Hack - BleepingComputer