Image Source
Bancor (BNT) wants to offer its blockchain as a platform for exchanges and finance that are decentralized (DEX and DeFi). A little less than 2 years after a first concern, the smart contract that governs transactions on Bancor has again revealed a exploitable flaw to siphon funds. Explanations.
A flaw detected in Bancor's smart contract
The first alert was given directly by the Bancor project development team on their Twitter account. The morning of June 18, a vulnerability was discovered in the new version (v0.6) of the smart contract which allows the functioning of BancorNetwork. This update had been implemented less than 2 days earlier, on June 16.
The last elements are reassuring: the contract in question has been corrected to remedy this vulnerability, and the Bancor team says that its users' funds are secure.
Yet nearly half a million dollars in cryptocurrencies have been successfully mined using this vulnerability. But this “hacker” did it for a good cause, as we will see.
$ 460,000 in funds “diverted” by Bancor, in prevention
In fact, the hacker in question was sponsored by Bancor itself, to secure the funds that could be stolen due to the breach of the smart contract.
In a second tweet, the Bancor team explains that - as soon as it realized the existence of the vulnerability - it decided to exploit the flaw to secure $ 460,000 of exposed cryptocurrencies.
But are all cryptos saved? It is not sure for the moment, the Hex Capital Twitter account (@Hex_Capital) actually claims that $ 100,000 of crypto assets were also drained to an address that does not belong to the “white hacker” from Bancor.
In any case, this new problem in the smart contract is very similar to the previous one in July 2018. Indeed, at the time, $ 23.5 million in cryptos had been stolen. $ 10 million was recovered quickly, thanks to the intervention of Bancor.
However, this demonstrates a certain capacity for action, and therefore centralization, on the part of Bancor on the assets of its users. All of this, mixed with the fear that a loophole is still hidden in the latest update, has caused a real drain of funds by worried users.
Thus, in the space of 2 days and according to data from DefiPulse, the funds committed on the Bancor platform fell from 19 million to $ 14.3 million, a drop of almost -25% in 48 hours.
Total value (in USD) of active crypto engaged on the Bancor platform - Source: https://defipulse.com/bancor
The Bancor team promises a new full update on the situation shortly. Even if it turns out that no funds have actually been lost / stolen, trust in BancorNetwork's smart contracts is likely to take (again) a blow.
CEX.IO allows for the buying of bitcoin and other cryptocurrencies for low fees via credit card, Debit card. Customers can also purchase for free (no fees) with bank transfers. The best thing about Cex is that it supports fiat currencies like USD and EUR which means you can withdraw your money and deposit it directly to your bank account without the need of a third party. In conclusion, Cex allows you to trade Cryptos, deposit funds from your bank account and also withdraw your funds to your bank account, it is an All-in-one exchange.
Please register through this link to support the blog: https://cex.io/r/0/up131023719/0/
