Bancor, an Israel-based company touting a decentralized cryptocurrency exchange which raised $153 million in ether during their ICO last year, disclosed to the public on 7/10/18 a security breach which resulted in the loss of 24,984 ETH (~$12.5M), 229,356,645 NPXS (~$1M), and 3,200,000 BNT (~$10M).
The statement claims “a wallet used to upgrade some smart contacts was compromised” and was then used to withdraw the stolen funds. Bancor added that upon identification of the security breach, the stolen BNT (the company’s “smart token”) was frozen and the ETH, which they do not control, is being tracked in order to make it more difficult to liquidate the stolen tokens. The company claims that no user wallets were compromised.
The wallet which contains the stolen ether can be viewed on Etherscan.
This incident has raised questions by many about how this hack, and Bancor’s response to it, could occur on a decentralized exchange. Litecoin’s creator Charlie Lee, for example, tweeted “A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization.”
Ironically, this hack occurred after Ethereum founder Vitalik Buterin had recently stated: “I definitely hope centralized exchanges go burn in hell as much as possible.” Adding to this irony, Bancor tweeted a day before the breach “”Burning in hell” is a bit extreme, but we do agree with @VitalikButerin that #decentralized solutions — such as Bancor — are the future of #blockchain and value exchange.”