Bancor, a popular cryptocurrency trading platform, recently fell victim to cybercriminals who stole about $24 000 000 worth of ethers by means of exploiting a vulnerability in wallet firewall.
On July 9, Bancor informed its users about the incident in a Tweet:
“This morning (CEST) Bancor experienced a security breach. No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.”
Here is the latest update on the recent security breach: pic.twitter.com/JroypFvBri
— Bancor (@Bancor) July 9, 2018
According to more detailed update which followed closely the initial Tweet, an unknown hacker attacked a wallet used for smart contract updating. The criminal (or a group of criminals) managed to withdraw 24 984 ETH and other ERC-20 tokens, namely NXPS and Bancor’s BNT.
The total amount stolen is about $24 000 000. The users’ funds, nevertheless, remained intact, as noted by Bancor team. Bancor is now working with many other crypto exchanges and brokers in order to trace the stolen funds.
“Once the theft was identified, we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft,” – the team reported.
This statement caused much displeasure among the cryptocommunity, despite all Bancor’s attempts to convince its users that the implementation of such a centralized approach to the problem was motivated by “an extreme situation”. The creator of Litecoin Charlie Lee expressed his concerns in the following Tweet:
A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. 🤦♂️
An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It's a false sense of decentralization. https://t.co/22UYygIhEF
— Charlie Lee [LTC⚡] (@SatoshiLite) July 10, 2018
As reported last month, Bithumb, another major cryptocurrency exchange, was robbed of $30 000 000. However, thanks to cooperation with other trading platforms, it managed to recover almost half the stolen amount.