Bancor recently suffered a hack which resulted in $23.5 million USD worth of Ethereum [ETH], Bancor Network Token [BNT] and Pundi X [NPXS] being stolen from its wallets. The Bancor project was kept under lockdown for more than a day after a compromised wallet was used to take advantage of their smart contract. The project went live again with the following update posted on their social media:
“We are happy to announce that the Bancor Network is back online. We will gradually be adding tokens back to the network beginning with the BNT / ETH converter. https://ban.cr/online”
The community was relieved, for the most part, thanking Bancor for their swift and strong response which prevented any further funds being lost. Their web app was taken down for maintenance just a day later, causing new discomfort for the customers, but soon went back online.
Bancor stated that no users had been hacked and that users were able to access their private wallets and transfer their funds at any time during the attack on Bancor and the subsequent maintenance period. The hack targeted an exploit in the so-called “Bancor collector balance,” the exchange’s reserve wallet. This allowed the hacker to mint $10 million worth of new BNT tokens and steal them.
The Bancor network had pre-installed safety measures which allowed them to freeze these funds and safely return them from the thief’s wallet. While most people remained faithful to the project, critics began to re-emerge and call out the company’s security measures.
Yo Sub Kwon, founder and CEO of smart contract security firm Hosho, believes Bancor did not take all precautions:
“From the fact that Bancor claims a wallet was hacked and then was able to steal from a smart contract exploits a weakness that has always existed with their smart contracts. That weakness is how far-reaching a single wallet has been allowed to be. Their smart contracts allow for nearly unlimited control to the owners and apparently their ability to protect their wallets is inadequate,” Kwon commented in an e-mail statement to Cryptovest. He concluded his thoughts by saying:
“Any large source of funds or access to powerful smart contracts should at the minimum be using multi-signature verification.”
At the same time, Tone Vays, the famous Bitcoin maximalist, commented on the centralization issues with Bancor that this hack (and the way the funds were partially recovered) exposed:
“Another ICO #scam – $BNT has just proved:
A: Their Token/Code is Centralized
B: They have incompetent Dev team
C: Pretending to be Decentralized will open you up to hacks w/ 0 upside (besides scamming unqualified investors)
D: #Ethereum itself is a joke.”
He later on proceeded to trash the project further: “Users funds aren’t safe. The stolen 25,000 ETH belong to BNT holders. They were stolen from a reserve managed by a smart contract to fund BNT liquidity, and they were put there by BNT token buyers.”
Bancor reacted to these accusations by remaining faithful to their semi-centralized methods and safety measures.
“We firmly believe that this ability is a preventative measure essential to most tokens and necessary to protect the network and token holders in a state of emergency,” said an official statement made by the project. At the same time, they encouraged other projects to implement protective measures of their own which will safeguard their communities and the industry as a whole.
The latest update from Bancor suggests that they will be actively seeking to create a safer environment for everyone invested in the world of crypto:
“As a first step following the recent reactivation of the network, Bancor is creating a coalition of crypto defenders who will pledge to contribute resources and capabilities to fight criminals together. Members will collaborate on mechanisms to warn and assist each other in times of peril, coordinate around shared blacklists, and contribute open-source tools aimed at creating a safer world for all stakeholders.”
The company also announced that they will be opening up to the general public their own internal software tools, designed to track stolen funds in real time, thus motivating other projects and communities to at least think about implementing similar measures. The community seemed receptive, as Reddit user Axolotl_404 said:
“Mainstream adoption will be a balance between security and decentralization. No mass adoption will occur if there are no security measures in place to protect users funds.”
Crypticmeg123 mirrored his feelings by saying:
“I 100% agree, Crypto will stay as a speculative magical internet money if there are no elements of Centralisation, security measures like the pause/freeze function what Bancor implemented is what the industry needs if we want the general mom & pops to adopt this brilliant innovative new technology.”
For now, the project is back online. Only the future can tell if Bancor’s semi-centralized model of operating will turn out to be successful or if it will create enough weak points to bring the entire project down.
People keep forgetting that ERC-20 tokens are still in their beginning stages and that BNT is not unique in its pause functions. EOS, Tron, Icon, OmiseGo, Augur, Status, Aelf, Qash, and Maker are all tokens that possess pause options. At the end of the day user funds WERE safe, and Bancor users are always in control of their private wallets.