In a tweet that is happy news for the large family of BNT coin users, Bancor Network is back in business. Further, the network offered clarification to its users on the type of security breach that the hackers had caused and how much was stolen from which account on the network.
The network had been hacked at a BNT ‘connector balance’ account from where ETH and BNT stolen a few days ago. Bancor clarified via tweet that no customer wallet was stolen. Hackers had breached an internal wallet where coins were held in reserve at a access point on the network.
July 9 attack
The distributed database coin had one of its worst incidents of a security breach on July 9, 2018. The network confirmed the incident in its Twitter statement, “This morning (CEST) Bancor experienced a security breach.
No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.”
The hackers had not only stolen from a reserve BNT connector balance account but from smart contracts where a wallet was breached on the network.
Smart Tokens
On BNT, Smart Tokens are built for price discovery and typically ETH of smart contracts are forwarded, to which new BNT tokens are given. The ETH is then stored in a balance, often called as ‘connected balance.’ On the return journey, BNT reaches the smart contract and is usually the process of selling BNT. These tokens are then destroyed and ETH of equivalent value is removed from these connected balance and returned to the seller.
Hackers well aware of the residual amount in such connector balances of smart contracts had exploited the same on Bancor network leading to a loss of 24,984 ETH, valued at $12.5 million. The other currencies stolen from the same wallet were – NPXS of 229,356,645 or roughly $1 million and 3,200,000 BNT or approximately $10 million.
Once, the theft was detected, BNT account was frozen and thereby limited the extent of damage to the “Bancor ecosystem” the company stated in its tweet.
Bancor also explained that the protocol on the system was designed to control extreme situation and would recover from security breach thereby ensuring the thief cannot escape from the system after stealing the tokens.
According to the network statement, “It is not possible to freeze the ETH or any other stolen tokens. However, we are now working with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.”
The incident had affected BNT prices considerably. Bancor has since “removed the vulnerability,” after identifying the cause of the breach. The clarifications by the network follow the rebuilding of security lapse and are expected to gradually add tokens for ETH as well as BNT.
Bancor has reiterated that no client wallets were compromised and only a reserve connector balance was removed by the hackers along with smart contract-based run-ins.
