A decentralized exchange platform known as Bancor suffered a security breach Monday morning. Bancor was quick to reach out about the problem and informed its users via Twitter that “no user wallets were compromised” as a result of the incident.
This morning (CEST) Bancor experienced a security breach. No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.
— Bancor (@Bancor) 9. juli 2018
Recently, Bancor has tweeted further details about what occurred during the security breach.
According to Bancor, the attack occurred while some smart contracts were being upgraded. The wallet associated with this upgrade was compromised, and the hacker managed to steal 24,984 Ethereum (ETH), 229,356,645 Pundi X (NPXS), and 3,200,000 Bancor (BNT) from the BNT smart contract. This equated to a hack worth $23.5 million, with $~12.5M ETH, ~$1M NPXS, and ~$10M BNT stolen.
Bancor managed to freeze the stolen BNT funds, but since they have no control over the ETH and NPXS networks, there was nothing that could be done about those stolen funds. This means that the hacker was able to successfully escape with $13.5M worth of crypto. Bancor noted that they are working with other exchanges to prevent the liquidation of the stolen funds that may be moved from the suspected hackers addresses.
This hack goes to show that decentralized exchanges are only as secure as the smart contracts in which they conduct business. Centralized exchanges are often attacked for the possibility of human error, but humans are the ones who write these smart contracts, and their code can be just as flawed. Hopefully, this hack will serve as a wake-up call to other decentralized exchanges to make sure their smart contracts are as secure as possible.