On July 9, the decentralized crypto platform Bancor was compromised. The hackers managed to drain over $23 million worth of crypto, part of which has allegedly already been converted into fiat via the instant exchange service Changelly. While the Bancor team is collaborating with other industry players to track the stolen funds, the recent security breach shows how decentralized platforms deal with security breaches, even though some community members have started to question whether Bancor can be considered a decentralized service at all.
What is Bancor?
Bancor was launched in June 2017 after one of the most successful Initial Coin Offerings (ICOs) in history: It gathered around $153 million in Ethereum (ETH) in just three hours during the crowdfunding stage backed by renown investor Tim Draper, among others. Named after a supranational currency conceptualized by economists John Maynard Keynes and E. F. Schumacher aimed to be used for international trade after World War II, the Tel Aviv-based Bancor is a decentralized cryptocurrency platform that essentially allows users to launch their own tokens.
In more detail, the Bancor protocol enables users to issue so-called “smart tokens,” which can hold one or more tokens in reserve and convert them into other tokens with no counterparty. Bancor integrates its own self-titled token (BNT), which can be traded for any of the other tokens supported by the network, and vice versa.
Thus, the smart token contract is its own market maker. As a result, it automatically provides price discovery and liquidity to other coins. In other words, Bancor is an outlet for selling any digital tokens it lists, even if there is no available buyer for them. It is a decentralized system, and, therefore, does not require KYC procedures and — unlike centralized crypto-trading platforms that recently attracted the harsh criticism of ETH creator Vitalik Buterin, who went as far as to wish them to “burn in hell forever” — does not store all user funds in one place, which potentially might attract hackers.
How did it get hacked?
Nevertheless, on July 9, it became subject to a heist, during which the hackers managed to steal roughly $23.5 million worth of crypto — 3,200,000 BNT (worth $10 million), 24,984 ETH (worth approximately $12.5 million) and 229,356,645 NPXS (worth roughly $1 million). The Bancor team confirmed the theft on its Twitter and swiftly froze the stolen BNT tokens, as such an ability was built into the Bancor protocol “to be used in an extreme situation to recover from a security breach,” limiting the total damage to approximately $13.5 million.
As to what caused the attack to be so successful, Bancor team reported the morning of July 9 that “a wallet used to upgrade some smart contracts was compromised.” All operations were halted, and the platform went offline — Bancor representatives assured Cointelegraph that the service will be up within 24 hours, around 10 hours ago. The platform has also reassured that “no user wallets have been compromised in the attack.”
The heist provoked some community members to question if the platform can be seen as decentralized at all. For instance, Charlie Lee, the creator of Litecoin, wrote on his Twitter:
“A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization.”
Community collaboration as the key to dealing with hacks
Now, Bancor hopes to track the stolen funds, part of which have been exchanged via the instant conversion service Changelly, as CEO Konstantin Gladych told Cointelegraph in an elaborating statement:
“Afterward, the tokens were frozen by the Bancor Foundation in our contract. Now we are helping track the stolen funds.”
Moreover, Bancor’s head of communications, Nate Hindman, informed Cointelegraph that the service is coordinating with a number of industry players to come up with tools and technology that would help the industry cooperate more effectively when hacks occur:
“These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”
When asked whether it is possible to completely prevent these kinds of security breaches, Hindman argued that hacker attacks are becoming more sophisticated — along with the industry, however. Hindman also stressed that crypto platforms can outmaneuver hackers through collaborative effort:
“Together we stand in our efforts to create better tools that prevent thieves from committing crimes and utilizing stolen funds, and better processes for analyzing situations and informing users and relevant parties when they occur.”
Meanwhile, the BNT token is down 15 percent, trading for $2.43, according to coinmarketcap.com.