Bancor, an on-chain liquidity protocol for Ethereum and other blockchains, has discovered a security vulnerability. The team informs that upon discovery it has used a white-hack attack to migrate all funds at risk to safety, and all user funds are secure. Trading within the system is now back to normal. (Updated at 14:30 UTC, with the comments from Bancor’s team).
According to the Bancor Network, the vulnerability was discovered last night at midnight, 00:00 UTC, in a new version of the BancorNetwork v0.6 contract, which was deployed just two days ago, on June 16. Since then, Bancor-controlled address drained nearly USD 460,000 worth of user funds at risk that should be returned to their owners.
Any users who have traded with Bancor during the last 48 hours and granted approvals to the Bancor contract are encouraged to go to approved.zone and revoke all approvals, says the network. In case of help or questions, the protocol is redirecting its users to its Telegram group.
The situation was initially reported by Hex Capital. Another Twitter user, defiprime, has now confirmed that the smart contract was audited, redeployed, and all user funds are safe.
Who ever used @Bancor directly and gave approvals, go to https://t.co/dFKBmjerYf (our project) and revoke it! DeFi needs more security audits!!!#DeFi https://t.co/Ym0hAPGsHk
— 1inch.exchange (@1inchExchange) June 18, 2020
Last week @coinbase announced they’re considering adding support for Bancor.
This week hackers are exploiting a vulnerability in Bancor to steal funds from users.
— Stephen Cole (@sthenc) June 18, 2020