Decentralized Crypto Exchange Bancor Hacked, $12M in Ether Stolen
In a statement, Bancor, a decentralized exchange, stated that a vulnerability was exploited to steal 24,984 ETH (approx $12 million), $1 million worth of NPXS and $10 million worth of BNT.
In a tweet earlier today, Bancor stated that it has identified a security breach and will investigate into the issue. It assured that no user wallets were compromised and they would release a more detailed report shortly.
The hack occurred at approximately 00:00 UTC when a wallet used to upgrade some smart contracts was compromised. The wallet has withdrawn ethereum and ERC-20 tokens NPXS and BNT.
The stolen BNT has since been frozen using a mechanism built into the Bancor Protocol. Bancor stated that this was built in to “be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens”
However, the stolen ETH and other tokens are still compromised. The wallet which contains the stolen ether can be viewed here. Bancor stated that they are now “working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them”.
They stated that they would continue to post updates on any further developments on their Telegram channel and on Twitter. The exchange is currently down. In a statement to Cointelegraph, Konstantin Gladych, CEO of Changelly, stated that parts of the stolen funds have been exchanged via Changelly.
Bancor raised $153 million dollars in July 2017 in a span of few hours making it one of the largest ICO’s ever.
Earlier this week, Vitalik Buterin, founder of Ethereum, said that centralized cryptocurrency exchanges should “burn in hell as much as possible”. However it is clear that decentralized exchanges are not inherently immune to vulnerabilities even if not to the extent of centralized ones.
Bancor token (BNT) has taken a 14% dip from about $3.15 at the beginning of the day to $2.72 as of writing.