Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » Bancor Drains $455,000 of User Funds After Discovering Vulnerability

Bancor Drains $455,000 of User Funds After Discovering Vulnerability

by

Bancor's latest update revealed critical vulnerabilities.

crypto security concept

Share this article

The Bancor team has discovered a vulnerability in its latest smart contract update. To protect user funds, the team drained BNT tokens from affected users’ wallets. 

Members of the crypto community have, however, pointed to non-Bancor related addresses walking off with over $100,000 in affected funds. The Bancor team has identified these addresses as arbitrage bots.

Bancor Identifies Vulnerability

“Dear community, Last night [June 17, 2020] at 12:00 AM GMT, a vulnerability was discovered in a new version of the BancorNetwork v0.6 smart contract deployed on June 16, 2020,” reads a message on Bancor’s official Telegram channel.

Wallets that have interacted with Bancor within the past 48 hours are at risk. 

In the same note as the above announcement, users are also guided through a process for how to recover these funds. The team confirmed that the smart contract has been updated, audited, and redeployed. 

The amount of BNT tokens that were drained totaled $455,349 according to initial reports. 

Hex Capital, a San Francisco-based crypto VC and trading firm, broke the news before Bancor. 

The venture firm went on to report that “not all funds are safe,” despite Bancor’s announcement. “Not all user funds were migrated safely. See this tx by a non-Bancor controlled address draining nearly $100k of user funds in BNT,” Hex tweeted.

The address in question leads to a wallet that is not listed as a Bancor address. It also shows several BNT token transactions linked to user accounts. The total of these transactions is roughly ~$130,000. 

It was unclear initially whether this behavior was that of a whale or if it is explicitly related to the latest vulnerability. Bancor’s CTO, Yudi Levi, has since cleared up the identity behind these funds.

He wrote in a Medium post after the event:

“Alongside our white-hat activity, two additional arbitrage bots detected the incoming transactions, leading to the transactions being front-run by these bots with profits of $135,229. We have since been in contact with the owners of these bots and are working with them to return the amounts to the rightful owners in exchange for a bug bounty.”

Since the news was announced, the BNT price has dropped from ~$0.82 to ~$0.78. 

Crypto Briefing has reached out to Ankur Agrawal of Hex Capital and Nate Hindman, the head of growth at Bancor. Hindman pointed Crypto Briefing to Levi’s Medium post. 

This article will be updated as new information becomes available.

Update: This article has been updated at 14:30 UTC+1 to include more details about the event from the Bancor team. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.