Following a security breach that caused roughly $23.5 million worth of cryptocurrency to be stolen, Bancor announced its decentralized liquidity network was back online.
As previously reported, a wallet used to upgrade some smart contacts was compromised. Bancor reported that the compromised wallet was then used to withdraw ETH from the BNT smart contact in the amount of 24,984 (~$12.5 million) and the same wallet was also used to steal 229,356,645 NPXS (~$1 million) and 3,200,000 BNT (~$10 million). Bancor reported that once the theft was detected, its team was able to freeze the stolen BNT, which limited the damage to the platform’s ecosystem from the breach.
“The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.”
Bancor also noted that while it is not possible to freeze the ETH or any other stolen tokens, it is now working with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the hackers to liquidate them. Prior to reopening the network, Bancor released more information on the situation:
Bancor’s Co-Founder Guy Benartzi also issued a statement about the situation:
“First and foremost, we would like to apologize to our users and supporters for the network being down during this incident. A thorough investigation is continuing and we will release more information in a report analyzing the attack when we conclude our review. Going forward, let me be clear that the loss of funds will have no significant impact on our ability to execute our mission. As the first and largest decentralized liquidity network, the Bancor Network has processed over $1 billion in token conversions in its first year. It has facilitated affordable and accessible liquidity for 100+ token projects, who joined the open-source network with no listing fees. We’ve seen many innovative uses of the Bancor Protocol already and others that will be released in the coming months. These include new types of blockchains, stable coins, derivatives, community currencies, and other use-cases we can’t yet fully imagine.”
Benartzi then noted that following the theft, Bancor’s intentionally designed emergency mechanism allowed the network to halt the breach and recover $10 million in hijacked BNT — protecting the Bancor Network and community from further damage. Benartzi explained this was the first time we have utilized this emergency capability, whose existence was transparently communicated to the world at large and heavily discussed prior to the network’s token sale.
“We hope to never have to use this security feature again, and while we were compelled to use it this time, we see a growing need for evolving governance models to allow different configurations of permissions to act on a community’s behalf. We look forward to continuing the dialogue on how to best implement diverse governance models for a variety of situations that may arise.”
Bancor previously stated that no user wallets have been compromised in the hacking.