The Bancor Protocol development team discovered a vulnerability in the v0.6 update that led to the theft of tokens from users worth more than $100,000.
After the vulnerability was discovered, the developers independently used it to withdraw BNT tokens from vulnerable wallets, but some of them were stolen by hackers. Tokens worth more than $100,000 were transferred to an address not owned by Bancor.
“Dear community, on June 17 at 12:00 GMT, a vulnerability was discovered in The new version of the bancornetwork V0.6 smart contract, released on June 16. All users who have traded in the last 48 hours and confirmed transactions must withdraw all confirmations, “the developers’ Twitter message reads.
However, users must revoke all transactions in the last 48 hours related to three smart contract addresses:
The developers reported that they were able to secure $460,000 worth of tokens on their clients ‘ wallets. However, according to Hex Capital, in many cases, developers were late, and hackers were able to steal at least $100,000 in BNT tokens.
After the vulnerability was reported, the exchange rate of the BNT token fell noticeably and now the token is trading at $0.75.
Note that In 2018, the bancor Protocol was already hacked. Then the attackers managed to steal ETH coins, NPXS and BNT tokens for a total of $23 million.