This morning (CEST) Bancor experienced a security breach. No user wallets were compromised. To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.
Earlier today, at approximately 00:00 UTC, Bancor experienced a security breach. We take this incident very seriously. We are committing every resource to resolving it, getting the network back online and tracking down the criminals involved.
The details of the breach are still being investigated, but we wanted to update the community with the facts that we have so far.
A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH (~$12.5M). The same wallet also stole:
229,356,645 NPXS (~$1M)
3,200,000 BNT (~$10M)
Once the theft was identified, we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft. The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.
It is not possible to freeze the ETH or any other stolen tokens. However, we are now working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.
We will continue to post updates as and when appropriate on our Telegram channel and on Twitter. We appreciate your patience as we resolve this matter.
The details of the breach are still being investigated, but we wanted to update the community with the facts that we have so far.
A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH (~$12.5M). The same wallet also stole:
229,356,645 NPXS (~$1M)
3,200,000 BNT (~$10M)
Once the theft was identified, we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft. The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.
It is not possible to freeze the ETH or any other stolen tokens. However, we are now working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for the thief to liquidate them.
We will continue to post updates as and when appropriate on our Telegram channel and on Twitter. We appreciate your patience as we resolve this matter.
We are happy to announce that the Bancor Network is back online. We will gradually be adding tokens back to the network beginning with the BNT / ETH converter. https://ban.cr/online
Invacio (INV) will be removed from the Bancor Network today within the coming hours.
Unblocked Ledger (ULT) and LockTrip (LOC) are LIVE on the Bancor Network.