TL;DR
- Decentralized exchange Bancor lost approximately $23.5 million in cryptocurrency after hackers compromised a smart contract wallet on July 9, 2018
- Stolen funds included 24,984 ETH worth roughly $12.5 million, 3.2 million BNT tokens valued at $10 million, and 229 million NPXS tokens worth about $1 million
- Bancor froze $10 million of its own BNT tokens but could not recover the Ethereum or NPXS stolen in the attack
- The hack reignited debate over whether Bancor was truly decentralized, with Litecoin creator Charlie Lee among the critics
- Bancor temporarily shut down its platform while investigating the breach; BNT tokens dropped 14% on the day
The cryptocurrency world was rocked once again on July 9, 2018, as Bancor, the Israel-based decentralized exchange platform, disclosed a major security breach resulting in the theft of approximately $23.5 million worth of digital assets. The incident sent shockwaves through the nascent decentralized finance ecosystem and raised uncomfortable questions about the security of smart contract-based trading platforms.
How the Hack Unfolded
According to Bancor’s official statement, attackers managed to compromise a wallet used specifically for upgrading smart contracts. This wallet, which held administrative privileges over certain protocol functions, gave the hackers the ability to drain funds directly from the platform’s liquidity pools. The stolen assets comprised 24,984 Ethereum tokens worth approximately $12.5 million at the time, 3,200,000 of Bancor’s native BNT tokens valued at around $10 million, and 229,356,645 NPXS tokens worth roughly $1 million.
Bancor was quick to respond once the breach was detected. The company announced that it had successfully frozen the $10 million worth of its own BNT tokens, preventing the thieves from moving or liquidating them. However, the platform was unable to freeze the stolen Ethereum and NPXS tokens, meaning approximately $13.5 million in cryptocurrency remained in the attackers’ control.
A Platform Under Scrutiny
The hack represented yet another setback for Bancor, which had raised $153 million in what was then the largest initial coin offering in history back in June 2017. The ICO attracted significant venture capital attention, including backing from billionaire investor Tim Draper. Despite the impressive fundraising, Bancor had faced persistent skepticism from the crypto community about its core premise of providing algorithmic liquidity for lesser-used digital tokens.
The security breach amplified existing criticisms about Bancor’s decentralized claims. Litecoin creator Charlie Lee was among the most vocal critics, pointing out that Bancor’s ability to freeze its own tokens proved the platform was not truly decentralized. The contradiction was clear: a genuinely decentralized platform should not have a centralized kill switch for any token, no matter how well-intentioned its use.
Broader Implications for Crypto Security
The Bancor incident was part of a troubling pattern of exchange-related hacks that plagued the cryptocurrency industry throughout 2018. Earlier in the year, Ernst & Young had published a report revealing that roughly 10% of all funds raised through initial coin offerings — totaling over $400 million — had been lost to hackers and other malicious actors. The sheer scale of these losses was undermining investor confidence at a time when the broader crypto market was already in a deep downturn from its December 2017 peaks.
Bitcoin was trading at approximately $6,741 on the day of the hack, while Ethereum sat around $476, both far below their all-time highs from earlier in the year. The timing of the Bancor breach only added to the prevailing negative sentiment in the market.
Bancor’s Response and Aftermath
Following the discovery of the hack, Bancor took the drastic step of temporarily shutting down its entire network to address the security vulnerabilities. The company maintained that no user wallets had been compromised in the attack, asserting that only its own operational wallets were affected. BNT token prices fell 14% on the day of the announcement, reflecting investor unease about the platform’s security posture.
The hack underscored a fundamental tension in the cryptocurrency space: the trade-off between convenience and security. Bancor’s smart contract wallet, designed to facilitate seamless protocol upgrades, became its Achilles heel when attackers found a way to exploit it. For an industry still finding its footing, the incident served as a stark reminder that innovation without robust security practices could carry a very steep price tag.
Why This Matters
The Bancor hack of July 2018 was one of the early warning signs that decentralized finance platforms needed fundamentally different security architectures than traditional exchanges. The fact that Bancor could freeze its own tokens but not Ethereum highlighted the limitations of platform-level security measures when dealing with cross-chain assets. This incident would inform the development of more sophisticated security protocols in the DeFi space in the years that followed, including multi-signature wallets, time-locked contracts, and formal verification of smart contract code.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making investment decisions.