Bancor Hack


With the hack of Bithumb still fresh on my mind, I wasn’t expecting to see another hack so soon. On July 9th, the Swiss/Israeli exchange reported that “a wallet used to upgrade some smart contracts was compromised.” As a result, the attackers made off with $12.5 million in Ethereum, $1 million in Pundi X’s NPXS token and $10 million in Bancor’s BNT. Bancor was one of the most successful ICO’s of 2017, raising $153 million in Ethereum (ETH) in just three hours during the crowdfunding stage backed by renown investor Tim Draper, among others. Bancor stated that they were able to freeze the BNT tokens, but the other funds remain missing. Bancor went offline for a couple of days before it came back online on July 11th.

Nate Hindman, Bancor’s head of communication, gave a statement on the security measures that Bancor is implementing to track the hacker, saying, “These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”

Besides the obvious security flaws, Bancor has been receiving a lot of flack regarding the level of decentralization the exchange claims. This is summed up well by a tweet from Litecoin creator, Charlie Lee, who is an influential figure in the crypto community. Charlie wrote: “A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization”. In a twist of irony, the day before they got hacked, Bancor tweeted their approval of Vitalik Buterin’s statement on how centralized exchanges should “burn in hell”.

Bancor defended themselves with a later tweet, basically saying:

  1. All of the stolen crypto was either stolen from Bancor’s reserve, or from contracts that the compromised wallet had direct access to. The hacker was NOT able to simply reach their hand into other user’s wallets.
  2. The freezing technology that they used for frezzing the BNT tokens is a necessary measure to ensure the safety of their users (security over decentralization basically)

Interestingly enough, this hack didn’t seem to affect the cryptocurrency prices very much.This was not the case a couple weeks ago when Bithumb was hacked and the prices of everything tanked for a bit. It is interesting to see how each exchange reacts differently to adversities and I’m sure that Bancor will go to great measures to make sure this never happens again.