Bancor Hacked: Over $23M Stolen in Ethereum
Last year the company raised over $150 million in an ICO. Bancor’s services include a wallet with an integrated exchange service. Last week, Bancor stated that “a wallet used to update some smart contracts has been compromised.” As a result, the attackers stole $12.5M in Ethereum, $1 million in Pundi X’s NPXS token and $10 million in BNT.
Bancor announced they’ve frozen the BNT, but they can’t do the same for the other tokens. The company added that it is communicating with a number of exchanges in an effort to “make it harder for the thief to liquidate” the stolen tokens. Nevertheless, it remains to be seen how successful these efforts will be.
Following the incident, Bancor suspended the exchange and undertook an investigation. The exchange has now resumed its activity, as it announced in the following tweet:
We are happy to announce that the Bancor Network is back online. We will gradually be adding tokens back to the network beginning with the BNT / ETH converter. https://t.co/zyZKV3TrsA
— Bancor (@Bancor) July 11, 2018
Twitter critics, including Litecoin’s creator Charlie Lee, underlined the irony that Bancor, which claims to be decentralized, responded to the hack with strategies in line with a centralized system.
A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts.
An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It's a false sense of decentralization. https://t.co/22UYygIhEF
— Charlie Lee [LTC⚡] (@SatoshiLite) July 10, 2018
This event has once again called into question the extent to which Ethereum DAPPs are truly decentralized. Bancor, like many other DAPP developers, has programmed the smart contracts underlying its applications to grant the developers some degree of authority. This authority includes, for example, the ability to “freeze” tokens or to update smart contracts so as to change their behavior in the future.
Thus, while the infrastructure hosting the DAPPs is decentralized, the applications themselves involve so much central authority that they cannot be described as decentralized. This is a particular problem for security, because with such an architecture only the creator’s wallet needs to be compromised in order to damage the entire DAPP. In addition, contrary to what most users expect, such a system requires trust in the creators of the application.
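The single-key risk described above, sketched in Solidity as an added example (not Bancor's code and not part of the original article); all contract and function names are hypothetical. The first contract lets one owner key freeze any holder, while the second requires several distinct admin keys for the same action, which limits the damage from one compromised wallet but still leaves users trusting the admins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: all contract and function names are hypothetical.
abstract contract FreezableToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public frozen;

    constructor() { balanceOf[msg.sender] = 1_000_000; }

    function transfer(address to, uint256 amount) external {
        require(!frozen[msg.sender], "sender frozen");
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8+
        balanceOf[to] += amount;
    }
}

// Weak form: whoever holds the single owner key can freeze any holder.
contract SingleOwnerToken is FreezableToken {
    address public owner;

    constructor() { owner = msg.sender; }

    function setFrozen(address who, bool state) external {
        require(msg.sender == owner, "not owner");
        frozen[who] = state;
    }
}

// Stronger form: the same privilege needs `threshold` distinct admin keys.
contract ThresholdAdminToken is FreezableToken {
    uint256 public immutable threshold;
    mapping(address => bool) public isAdmin;
    mapping(address => uint256) public round; // bumped after each executed change
    mapping(bytes32 => mapping(address => bool)) public hasApproved;
    mapping(bytes32 => uint256) public approvalCount;

    constructor(address[] memory admins, uint256 threshold_) {
        require(threshold_ >= 2 && threshold_ <= admins.length, "bad threshold");
        for (uint256 i = 0; i < admins.length; i++) {
            require(!isAdmin[admins[i]], "duplicate admin");
            isAdmin[admins[i]] = true;
        }
        threshold = threshold_;
    }

    function approveFreeze(address who, bool state) external {
        require(isAdmin[msg.sender], "not admin");
        bytes32 id = keccak256(abi.encode(who, state, round[who]));
        require(!hasApproved[id][msg.sender], "already approved");
        hasApproved[id][msg.sender] = true;
        if (++approvalCount[id] >= threshold) {
            frozen[who] = state;
            round[who]++; // approvals from an executed round cannot be replayed
        }
    }
}
```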
Decentralized exchanges remain a potential solution to many, but not all, of the problems in this area. But what we always need to know is how decentralized the exchanges really are.