In yet another demonstration of security shortfalls among the cryptocurrency market’s largest members, Israeli-based exchange Bancor has last night lost $23.5m (£17.8m) to a cyber attack.
Announcing it as a security breach, Bancor later explained that hackers had targeted a compromised wallet used to upgrade certain smart contracts on the network, which allowed them to withdraw almost 25,000 ethereum tokens.
The company operates as a “decentralised liquidity network” where cryptocurrencies can be converted into other digital coins via smart contracts, removing the need for buyers, sellers and other intermediaries normally involved in trading.
Bancor was able to freeze the theft of $10m (£7.5m) of its own native currency BNT, as part of a failsafe built into the Bancor ecosystem for ‘extreme situations’, “allowing Bancor to effectively stop the thief from running away with the stolen tokens”, it said in a tweet.
The company has been criticised for the breach and its response, with Litecoin founder Charlie Lee, tweeting that its ability to both lose and freeze customer funds is evidence that it is not truly a decentralised network.
A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. 🤦♂️
An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization. https://t.co/22UYygIhEF
— Charlie Lee [LTC⚡] (@SatoshiLite) July 10, 2018
Bancor added that this function was not available to other cryptocurrencies victim to its breach, including $1m (£760k) of Pundi X, but said it was working with “dozens of cryptocurrency exchanges” to trace the stolen funds and make it difficult for the thief to liquidate them.
Bancor made efforts to emphasise that no user wallets had been compromised in the attack. While it’s site is currently down (“doing some maintenance”) a message reads; “Bancor does not hold your assets. Your wallet and your funds are always safe, secure and under your possession on the blockchain at all times.”
Last year, the company raised 396,720 ethereum tokens, now worth close to $183m (£138m), from its ICO (initial coin offering).