Crypto Exchange Bancor Becomes The Victim of Cryptocurrency Theft, $12.5 Million Lost
Israel startup and cryptocurrency trading platform Bancor is the latest victim to the online crypto theft. On Monday, July 9, Bancor reported a “security breach” on its platform resulting in a cryptocurrency token theft worth $12.5 million. Soon following the theft, the exchange immediately suspended its services and is currently under “maintenance”.
Bancor reported about this incident on its Twitter account saying that no user wallets have been compromised. “This morning (CEST) Bancor experienced a security breach. No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.”
The exchange soon started an investigation in this matter, and later updated the users saying that hackers managed to breach a wallet used to upgrade the smart contracts. The hackers also managed to withdraw ETH from the BNT smart contract in the wallet with reportedly around 24,984 ETH being lost amounting to a total of over $12.5 million.
The updated post also mentions that the exchange has successfully managed to limit further loss and freeze its native BNT tokens stolen by the hackers. It reads: "We were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft. The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.”
The post further adds: "It is not possible to freeze the ETH or any other stolen tokens. However, we are now working with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.”
Bancor started its crypto trading operations after a successful ICO last year where the company managed to raise a whopping $153 million in just three-hours of its launch. Unlike other cryptocurrency exchanges which are mostly centralized, Bancor is developed using a decentralized structure.
Emin Gun Sirer, a professor at Cornell University criticized the exchange for bad operational security methods used in their smart contracts. On his Twitter account, Sirer said: “This looks like a straightforward case of bad opsec at Bancor, instead of a more worrisome flaw in their core contract. Of course, the Bancor contract should not have been centrally controllable to this degree. And the core contract should probably have had some rate limits built into it to avoid sudden drains like this.”