Bancor Drains $455,000 of User Funds After Discovering Vulnerability
analysis

Bancor Drains $455,000 of User Funds After Discovering Vulnerability

THELOGICALINDIAN - Bancors latest amend appear analytical vulnerabilities

The Bancor aggregation has apparent a vulnerability in its latest acute arrangement update. To assure user funds, the aggregation drained BNT tokens from afflicted users’ wallets. 

Members of the crypto association have, however, acicular to non-Bancor accompanying addresses walking off with over $100,000 in afflicted funds. The Bancor aggregation has articular these addresses as arbitrage bots.

Bancor Identifies Vulnerability

“Dear community, Last night [June 17, 2024] at 12:00 AM GMT, a vulnerability was apparent in a new adaptation of the BancorNetwork v0.6 acute arrangement deployed on June 16, 2024,” reads a bulletin on Bancor’s official Telegram channel.

Wallets that accept interacted with Bancor aural the accomplished 48 hours are at risk. 

In the aforementioned agenda as the aloft announcement, users are additionally guided through a action for how to balance these funds. The aggregation accepted that the acute arrangement has been updated, audited, and redeployed. 

The bulk of BNT tokens that were drained totaled $455,349 according to antecedent reports. 

Hex Capital, a San Francisco-based crypto VC and trading firm, bankrupt the account afore Bancor. 

The adventure close went on to abode that “not all funds are safe,” admitting Bancor’s announcement. “Not all user funds were migrated safely. See this tx by a non-Bancor controlled abode clarification about $100k of user funds in BNT,” Hex tweeted.

The address in question leads to a wallet that is not listed as a Bancor address. It additionally shows several BNT badge affairs affiliated to user accounts. The absolute of these affairs is almost ~$130,000. 

It was cryptic initially whether this behavior was that of a bang or if it is absolutely accompanying to the latest vulnerability. Bancor’s CTO, Yudi Levi, has back austere up the character abaft these funds.

He wrote in a Medium post afterwards the event:

“Alongside our white-hat activity, two added arbitrage bots detected the admission transactions, arch to the affairs actuality front-run by these bots with profits of $135,229. We accept back been in acquaintance with the owners of these bots and are alive with them to acknowledgment the amounts to the applicable owners in barter for a bug bounty.”

Since the account was announced, the BNT price has alone from ~$0.82 to ~$0.78. 

Crypto Briefing has accomplished out to Ankur Agrawal of Hex Capital and Nate Hindman, the arch of advance at Bancor. Hindman acicular Crypto Briefing to Levi’s Medium post. 

This commodity will be adapted as new advice becomes available.

Update: This commodity has been adapted at 14:30 UTC 1 to accommodate added capacity about the accident from the Bancor team.