Cryptocurrency Exchange Developer Bancor Loses $23.5 MillionA Wallet Used for Upgrading Smart Contracts Was Compromised
Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange.
The hack was detected on Monday, says Bancor, whose name comes from a scuttled idea dating from the 1940s to create a supranational currency.
No user wallets were compromised, but the platform itself lost $12.5 million worth of ether, about $1 million of Pundi X and $10 million of Bancor Network Tokens, it says in a statement posted on Twitter.
The precise cause of the hack remains unclear. But Bancor says "a wallet used to upgrade some smart contracts was compromised."
Smart Contract Dangers
Bancor leverages the Ethereum network to deploy so-called smart contracts, which are essentially small applications that sit on a blockchain and enforce terms and conditions for automated transactions.
Bancor has developed a protocol that uses smart contracts as part of a cryptocurrency exchange. The exchange is designed to enable users to always be able to buy and sell thinly traded cryptocurrencies deployed on blockchains that accommodate smart contracts. The project is designed to increase liquidity in cryptocurrency markets, in which a lack of liquidity can cause prices to wildly spike or dive.
It was not a smart contract exploit.— Eyal Hertzog (@eyal) July 9, 2018
But smart contracts, like any code or software, can contain security vulnerabilities. In one of the most high profile incidents, a venture capital group called the Decentralized Autonomous Organization lost around $55 million of ether in June 2016 because of exploitation of a vulnerability within its smart contracts (see $55 Million in Digital Currency Stolen from Investment Fund).
Eyal Hertzog, co-founder and product architect of Bancor, tweeted that whatever happened to Bancor was not a parallel situation to what happened to The DAO.
"It was not a smart contract exploit," Hertzog writes on Twitter, without elaborating.
Emin Gun Sirer, a computer scientist at Cornell University who closely follows blockchain technology, writes that Bancor likely lost control of the key used to authenticate access to the smart contract, "and someone used it to steal double digit millions."
"This looks like a straightforward case of bad opsec at Bancor, instead of a more worrisome flaw in their core contract," Sirer writes on Twitter.
Some of Bancor's losses, however, are recoverable. Bancor says it has recouped $10 million worth of BNT, a type of token that facilitates trades within its exchange. How Bancor executed that recovery, however, leads into a heated debate among cryptocurrency enthusiasts.
BNT differs from bitcoin in that it is a centrally generated token. New bitcoins are created through a process called mining, in which computers that verify transactions on the network are rewarded with a slice of bitcoin.
BNT, like many other cryptocurrencies such as Ripple's XRP, Cardano's Ada, Block.one's EOS and Stellar's Lumens, isn't mined. These types of coins have powered Initial Coin Offerings, where an organization creates a centrally issued coin and sells it to raise funding.
ICOs, which some contend could expose investors to fraud, are being closely analyzed by regulators around the world. The question is whether the coins or tokens that are issued are more like securities akin to stocks rather than an asset. The sale of securities often entails a different set of stricter trading rules (see Is Regulating Cryptocurrency Necessary and Feasible?).
Centrally issued coins are somewhat controversial among cryptocurrency purists. The entity that creates the coin or token may have technical control over it and may hold large batches of it in reserve, potentially manipulating markets. There are also hybrid coins, such as ether, which are initially pre-mined then run on a bitcoin-like mining reward system.
Bancor retains that kind of control over BNT. BNT runs on Ethereum's blockchain, and the code that governs the token allows Bancor to have a wide degree of control. After the hack, Bancor says "we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft.
"The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens," Bancor says in its statement.
But some security experts have labeled a capability to recover coins as a backdoor, the term for a usually hidden power known only to a few. They've warned that holders of tokens bound by such smart contract rules could be at risk, both from hackers and the vagaries of companies that have issued the coins (see Analysis: Swiping Cryptocurrencies Through a Back Door).
Although the code in smart contracts can be examined to spot irregularities, not everyone checks closely.
In January, Singapore-based Soar Labs suddenly took AU$6.6 million (US$4.9 million) in cryptocurrency from its Australian business partner, Byte Power Group, after a dispute. Soar Labs' ethereum-based token, called Soarcoin, contained code in its smart contracts that allowed the company to take any Soarcoins from anyone's wallet (see Exclusive: Aussie Firm Loses $6.6M to Backdoored Cryptocurrency).
After a dispute with ASX-listed Byte Power Group, a Brisbane-based partner that Soar Labs hoped to jointly establish an Australian cryptocurrency exchange, the company invoked that power. Byte Power Group was unaware the smart contract code contained the functionality. The two later reached a settlement.
Backdoors Or Security Defenses?
Building such powerful capabilities into the smart contracts for tokens, however, carries other risks. Even if Bancor's smart contracts had no software vulnerabilities, hackers would be interested in obtaining the keys or code that could access those contracts. That may have been what happened to Bancor.
"Based on the currently published details, it seems that the @Bancor hack was enabled by permissioned backdoors that were put in the smart contracts by the team, and were presumably compromised by the attackers," writes Udi Wertheimer, a bitcoin developer and consultant, on Twitter.
The lost ether, however, is unrecoverable. "It is not possible to freeze the ETH or any other stolen tokens," Bancor says. "However, we are now working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them."
On Wednesday, Bancor wrote that "we are close to reactivating the Bancor Network. We appreciate your support and the healthy debate on the balance between security and decentralization that has ensued."