On July 9th, 2018, decentralized cryptocurrency exchange Bancor (www.bancor.network) was hacked to the tune of $23.5 million in what a Bancor spokesman is saying was the result of a vulnerability of one of its exchange wallets used to upgrade Bancor smart contracts. The assailants were able to steal 3,200,000 Bancor Tokens (BNT worth $10 million), 24,984 Ethereum (ETH worth about $12.5 million) and 229,356,645 PundiX (NPXS worth about $1 million). While Bancor representatives have assured the public that no private wallets were compromised, the significance of the hack and the subsequent response has led many to question the characteristic that attracted people to the Bancor platform in the first place, decentralization. In fact, Bancor went as far as re-tweeting a recent statement by Ethereum founder Vitalik Buterin, in which he stated that centralized exchanges should “burn in hell forever” mere days before the hack occurred.
As cryptocurrencies become more and more prevalent, such thefts will likely become more commonplace. What makes the Bancor hack especially confounding is the way in which it was handled. Immediately after Bancor realized they had been hacked, they proceeded to freeze the stolen BNT tokens, thus “limiting” the impact of the theft to $13.5 million, which is perplexing to those knowledgeable about how DEXs (decentralized exchanges) operate. If an exchange is truly decentralized, no single entity would be able to freeze an entire asset class, as this contradicts the supposition of it being decentralized. Additionally, the Bancor service itself was taken offline and remains inoperable at this time, even though initial statements from Bancor indicated the exchange would only be down for 24 hours. This has led many to question, “How decentralized is Bancor, REALLY?”.
The reaction on social media was swift, inducing responses from industry heavyweights such as Charlie Lee, Founder of Litecoin and former Coinbase Director, who commented, “A Bancor wallet got hacked, and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization.” While Bancor has insisted the freezing of BNT assets was the result of a security protocol in place to mitigate the damage that such a hack would cause, it was unable to enforce similar procedures for the ETH and NPXS tokens that were also stolen.
Rewind one year and Bancor was one of 2017’s ICO success stories having raised over $153 million in it’s crowdsale. Renowned investor Tim Draper even backed it on the very premise that the exchange would cater to those in the crypto community that were clamoring for the increased security that decentralized exchanges would provide.
Regardless of the outcome of this event, the spotlight it has shown on the way we think of centralization vs. decentralization that is at the heart of cryptographic security can only be seen as a positive. Leave a comment and tell us what you think about the Bancor hack.