The Israeli company Bancor posted on Twitter that it took its platform offline following the security incident, stating that “no user wallets were compromised.”
“To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.” A spokesperson for Bancor confirmed the incident when reached by email.
Nate Hindman, Bancor’s head of communications, told The Token Post that while the team had been able to block the transfer of an estimated 2.5 million BNT tokens – worth an additional $10 million – it wasn’t able to do so for approximately 25,000 ETH – worth about $12.5 million – as well as almost 230 million NPXS tokens (worth roughly $1 million total).
Based on the currently published details, it seems that the @Bancor hack was enabled by permissioned backdoors that were put in the smart contracts by the team, and were presumably compromised by the attackers.
— Udi Wertheimer 🔨 [#reckless] (@udiWertheimer) July 10, 2018
All told, the company lost roughly $13.5 million in the hack, according to a follow-up statement.
“We were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft. The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens,” he explained, adding:
“It is not possible to freeze the ETH or any other stolen tokens. However, we are now working with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.”
The hack comes more than a year after Bancor raised $153 million in an initial coin offering (ICO), representing the largest token sale of its kind at the time (a figure that was ultimately eclipsed by Telegram and, later, EOS). Bancor is a decentralized exchange, but it also allows for the creation of new cryptographic tokens.
Hindman was quick to assure everyone that Bancor has “identified the cause of the breach and removed the vulnerability.”
“We expect Bancor to go back online in the next 24 hours. We will continue to post updates as and when appropriate on our Telegram channel and on Twitter,” he explained.
The incident appears to have impacted the price of Bancor’s BNT token. According to CoinMarketCap, the token’s price is down roughly 14 percent during the past day and is currently trading at around $2.73.