Bancor Discovers Security Vulnerability, Drains USD 460,000 Of User Funds

Bancor, an on-chain liquidity protocol for Ethereum and other blockchains, has discovered a security vulnerability. The team informs that upon discovery it has used a white-hack attack to migrate all funds at risk to safety, and all user funds are secure, although the situation is still developing.

According to the Bancor Network, the vulnerability was discovered last night at midnight, 00:00 UTC, in a new version of the BancorNetwork v0.6 contract, which was deployed just two days ago, on June 16.

Any users who have traded with Bancor during the last 48 hours and granted approvals to the Bancor contract should go to approved.zone and revoke all approvals, says the network. In case of help or questions, the protocol is redirecting its users to its Telegram group.

The situation was initially reported by Hex Capital. Another Twitter user, defiprime, has now confirmed that the smart contract was audited, redeployed, and all user funds are safe.

Confirmed with the team: ✅A security vulnerability was discovered in the new BancorNetwork v0.6 contract pushed two days ago ✅After discovering the vulnerability we performed a white-hat attack to migrate funds to safety✅smart contract was audited ✅USER FUNDS ARE SAFU

— defiprime (@defiprime) June 18, 2020

Meanwhile, there was a drop in the price of network's native cryptocurrency BNT. It lost approximately 12% of its value in the last 24 hours, going from USD 0.84 to 0.76 at pixel time (08:37 UTC).

The protocol is planning for a major Bancor V2 release sometime next month. Furthermore, Bancor’s BNT was one of the cryptocurrencies recently considered for listing at a major U.S.-based cryptocurrency exchange Coinbase.

The incident has once again prompted harsh comments for the decentralized finance (DeFi) critics, as it is not the first DeFi security incident this year. Earlier in February, an attacker has successfully drained USD 142 million and USD 320,000 in a series of attacks involving flash loans. In April, a decentralized finance protocol Lendf.Me also almost lost USD 25.2 million, which were later returned back by the hacker.

We contacted Bancor for comment and will update should they reply.

Here are the full instructions for potentially affected Bancor users:

Reactions:

Who ever used @Bancor directly and gave approvals, go to https://t.co/dFKBmjerYf (our project) and revoke it! DeFi needs more security audits!!!#DeFi https://t.co/Ym0hAPGsHk

— 1inch.exchange (@1inchExchange) June 18, 2020

__

Another day, another DeFi script kiddie flaw. Today it’s with @Bancor. pic.twitter.com/AHeHEsMj7a

— Dan Held (@danheld) June 18, 2020

__

Last week @coinbase announced they’re considering adding support for Bancor.This week hackers are exploiting a vulnerability in Bancor to steal funds from users.¯\_(ツ)_/¯ https://t.co/36uj3UweS5

— Stephen Cole (@sthenc) June 18, 2020

__

Apparently, @Bancor is being drained by both black and white hats.I'm guessing most of what was in there was illiquid imaginary assets anyway? pic.twitter.com/a9vSarsSIV

— John Carvalho (@BitcoinErrorLog) June 18, 2020