Cryptocurrencies

Victim of Critical Vulnerability, Bancor decides to “self-hack” – Cryptocurrencies

Bancor (BNT) has recently undergone a major update. Problem, a flaw was not long in spotting, the kind of flaw that it is impossible to ignore as it was likely to compromise the smart contracts of the system and jeopardize the funds of the users. To solve the problem, an unorthodox solution was adopted: auto-hacking by the designers of the decentralized exchange system.

The important bug that escapes several audit checks

The latest version of Bancor recently presented to the public had a major flaw in the core of the network. Indeed, two days after the launch of the decentralized exchange Bancor, an unknown developer notices a serious anomaly.

Withdrawals approved by traders who trade on Bancor (BNT) could be revoked on demand via a specialized web platform. It’s about “SafeTransferFrom” which could be launched without its own authorization, as explained in a tweet from Hex capital. This flaw would therefore have allowed a third party to recover the funds, without requiring the authorization of the account owner.

Very quickly, an emergency solution was developed: it was necessary to hack the network to move the funds at risk into a safer directory. Obviously, the team had to exploit the same fault detected to carry out this rescue maneuver.

However, a security audit by Kanso Labs had taken place before the launch of the new version of Bancor. Users therefore narrowly escaped a loss of several million euros if the flaw had been discovered by a malicious third party.

Did Bancor steal funds from its users from the start?

According to the team 1inch.exchange, there are more than two avant-garde people inside the network who have exploited the flaw to collect user funds. In their defense, the arbitration programs provided by the system were unable to differentiate between arbitration and piracy.

Following this overwhelming discovery, all of the pioneers promised to return the funds obtained by taking advantage of the bugs that improperly defined certain arbitration opportunities. According to a report by 1inch.exchange :

“The Bancor team recovered $ 409,656 in total and spent 3.94 ETH on gas, while the precursors recovered $ 135,229 and spent 1.92 ETH on gas. Users were billed $ 544,885 in total. “

A large sum had therefore leaked from the start of Bancor, despite the various audits carried out with each new version. This would have given birth to a veritable time bomb in the world of cryptocurrencies. It should be remembered that no audit could guarantee 100% reliability of the exchange system before launch.

It will now be necessary to redouble efforts to regain the confidence of investors, after such a serious error has been revealed to the general public.

Related Articles

Back to top button