The DeFi news category was brought to you by Ampleforth, our preferred DeFi partner
Share this article
The Bancor team has discovered a vulnerability in its latest smart contract update. To protect user funds, the team drained BNT tokens from affected users’ wallets.
Members of the crypto community have, however, identified a non-Bancor related address walking off with over $100,000 in affected funds.
Bancor Identifies Vulnerability
“Dear community, Last night [June 17, 2020] at 12:00 AM GMT, a vulnerability was discovered in a new version of the BancorNetwork v0.6 smart contract deployed on June 16, 2020,” reads a message on Bancor’s official Telegram channel.
Wallets that have interacted with Bancor within the past 48 hours are at risk.
In the same note as the above announcement, users are also guided through a process for how to recover these funds. The team confirmed that the smart contract has been updated, audited, and redeployed.
The amount of BNT tokens that were drained totaled ~$460,000 according to initial reports.
Hex Capital, a San Francisco-based crypto VC and trading firm, broke the news before Bancor.
— Hex Capital (@Hex_Capital) June 18, 2020
The firm went on to report that not all funds are safe, despite Bancor’s announcement. “Not all user funds were migrated safely. See this tx by a non-Bancor controlled address draining nearly $100k of user funds in BNT,” Hex tweeted.
The address in question leads to a wallet that is not listed as a Bancor address. It also shows several BNT token transactions linked to user accounts. The total of these transactions is roughly ~$100,000.
It is unclear whether this behavior is that of a whale or if it is explicitly related to the latest vulnerability. Since the news was announced, the BNT price has dropped from ~$0.82 to ~$0.77.
Crypto Briefing has reached out to Ankur Agrawal of Hex Capital and Nate Hindman, the head of growth at Bancor. They have not responded at the time of press.
This article will be updated as new information becomes available.
Credit: Source link