Cryptocurrency industry commentators have poured scorn on decentralized exchange platform Bancor after hackers stole around $12 million July 9.
Bancor Hack Cause Remains Unknown
Bancor, which shot to fame in 2017 when it raised over $150 million in three hours during its ICO, confirmed the hack in an update Tuesday.
Malicious parties originally attempted to steal and convert 24,984 ETH ($10,800,000), 229,356,645 NPXS ($1,000,000) and Bancor’s own BNT token.
After using instant conversion platform Changelly to convert the BNT, a joint effort froze the contract containing the funds, limiting losses to approximately $11.8 million.
“A wallet used to upgrade some smart contracts was compromised,” the update reads. “…Once the theft was identified, we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft.”
No user funds left the platform as a result of the hack.
Here is the latest update on the recent security breach: pic.twitter.com/JroypFvBri
— Bancor (@Bancor) July 9, 2018
‘Another ICO Scam’
While centralized exchanges have experienced continued thefts this year, Bancor, which touted itself as theft-resistant through decentralization, has appeared to catch the industry by surprise.
Following the update, trading personality Tone Vays called Bancor an “ICO scam” on social media, highlighting four aspects of its operations as failing to live up to its claims of being “decentralized.”
“Their Token/Code is Centralized[,] They have [an incompetent] Dev team[,] pretending to be Decentralized will open you up to hacks [with zero] upside (besides scamming unqualified investors)[;] Ethereum itself is a joke,” he wrote.
Further criticism came from fellow decentralized exchange Leverj’s CEO Bharath Rao, who used the “unfortunate” episode to highlight Bancor’s comparative shortcomings.
“[The] 1st principle of DEX security is that user funds should not be movable without user key,” he tweeted.
2nd principle: operator keys should not be able to move funds. 3rd principle: owner keys to upgrade etc. should be multisig to protect against 1 key compromise.
Bancor promised to post further updates as further information came to light.
What do you think about Bancor’s hack? Let us know in the comments below!
Images courtesy of Shutterstock, Twitter.