Bancor, a decentralized liquidity network for ERC20 tokens, announced that they’ve been jacked out of $13.5 million in cryptocurrency.
The attack happened at midnight UTC when a hacker managed to compromise a wallet that was used to upgrade smart contracts. Through that compromised wallet the hacker withdrew 24,984 ETH (worth approximately $12.5 million) from the BNT smart contract.
The hacker also managed to use that wallet to snatch 229,356,645 Pundi X (NPXS) coins (worth about $1 million).
But the crypto heist ended there.
In a classic example of getting too greedy even for a hacker’s own good, the hacker was stopped from withdrawing 3.2 million Bancor tokens (BNT) (worth approximately $10 million) since a built-in security feature of the exchange managed to freeze the tokens in time.
Bancor bills itself as a decentralized liquidity network that allows users to convert between tokens listed on the network with no counterparty and at an automatically calculated price. Attributing its success to the built-in liquidity of the network Bancor claims: “the future of user-generated tokens is here”.
It’s unlike a traditional exchange since there’s no spread, continuous liquidity, and no registration required. Bancor can achieve all this through its method that allows for buying and selling through smart contracts.
It is that use of smart contracts that has upended its success on this particular day.
But the good news for Bancor users is that no user wallets were affected, only the network’s reserve funds.
This morning (CEST) Bancor experienced a security breach. No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.
— Bancor (@Bancor) July 9, 2018
However, the exchange is still down for maintenance several hours after the network first publicized the hack.