SoylentNews is people

posted by martyb on Wednesday July 11 2018, @05:28AM
from the Ruh-Roh! dept.

Submitted via IRC for Fnord666

In a statement published hours ago, Israeli-based cryptocurrency exchange Bancor fessed up to a security incident following which a hacker made off with roughly $13.5 million worth of cryptocurrency.

The hack took place yesterday, July 9, at 00:00 UTC, according to Bancor, after an unknown intruder(s) gained access to one of the company's wallets.

This was a big deal because Bancor doesn't run as a classic exchange platform, but uses a complex mechanism based on smart contracts running on the Ethereum platform to move funds at a quicker pace than classic exchange platforms.

The compromised wallet also granted the attacker access to updating the smart contracts responsible for converting user funds.

Bancor says the hacker used this access to withdraw 24,984 Ether (ETH) coins (~$12.5 million) from Bancor smart contracts and sent the Ether to his own private wallet.

Similarly, he also withdrew 229,356,645 Pundi X (NPXS) coins, worth another $1 million.

[...] The hacker also withdrew 3,200,000 Bancor tokens (BNT) (worth around $10 million), which Bancor had issued last year as part of its ICO that raised over $150 million, but Bancor says a security feature in Bancor tokens allowed it to freeze the funds and prevent the hacker from cashing it out at other exchanges.

Source: https://www.bleepingcomputer.com/news/security/hacker-steals-135-million-from-bancor-cryptocurrency-exchange/



This discussion has been archived. No new comments can be posted.
  • (Score: 3, Funny) by chromas on Wednesday July 11 2018, @06:03AM (2 children)

    by chromas (34) Subscriber Badge on Wednesday July 11 2018, @06:03AM (#705613) Journal

    Sounds like they could use some blockchain.

    Bancor doesn't run as a classic exchange platform, but uses a complex mechanism based on smart contracts running on the Ethereum platform

    I see. But they were only using a little blockchain. That's not enough, is it? No! They need more blockchain! I propose MongoChain. It's webscale.

    • (Score: 1, Funny) by Anonymous Coward on Wednesday July 11 2018, @06:33AM

      by Anonymous Coward on Wednesday July 11 2018, @06:33AM (#705616)

      Sign me up!

      Here's my bank routing info. I know you'll only take the EU10,000 that I'm investing here.

      343698331 591 5008 42111

      I'm a gonna be RICH! Woo-hoo!

    • (Score: 3, Touché) by Dr Spin on Wednesday July 11 2018, @12:59PM

      by Dr Spin (5239) on Wednesday July 11 2018, @12:59PM (#705693)

      When I hear the word "smart" I reach for my gun!

      --
      Warning: Opening your mouth may invalidate your brain!
  • (Score: 0) by Anonymous Coward on Wednesday July 11 2018, @07:43AM (1 child)

    by Anonymous Coward on Wednesday July 11 2018, @07:43AM (#705629)

    as I understand it, these cryptocurrencies have a "serial number", and it is attached to a "user ID" (or wallet, whatever).

    1. how can anyone steal them? I mean... aren't there redundant copies of the serial number/user ID table, such that if someone fraudulently changes it it can be restored?
    2. why are stolen serial numbers accepted in subsequent transactions? ok, so you can't synchronize everything, but once this announcement is made, why not look up who is the new owner of the stolen "coins", and then trace back to the thief?

    • (Score: 3, Insightful) by coolgopher on Wednesday July 11 2018, @09:16AM

      by coolgopher (1157) on Wednesday July 11 2018, @09:16AM (#705644)

      The short summary is that on the blockchains, there is no "ownership", there is only "proof of access". You don't own crypto currency, you can only prove that you have access to it, which is how you are able to transact using those coins. If someone steals the magic numbers that are used to prove access, they are as entitled to transact using the coins in question as any other user with access to those magic numbers.

      As for your second point, that would involve law enforcement agencies, and tech savvy ones at that. Good luck.

  • (Score: 2) by Bot on Wednesday July 11 2018, @07:55AM (1 child)

    by Bot (3902) on Wednesday July 11 2018, @07:55AM (#705632) Journal

    AFAIK the smart contracts are computed on the Ethereum platform, so I guess the hacker hacked them beforehand and none noticed? Or is it a "pray I don't alter it any further" thing?

    --
    Account abandoned.
    • (Score: 0) by Anonymous Coward on Wednesday July 11 2018, @04:35PM

      by Anonymous Coward on Wednesday July 11 2018, @04:35PM (#705789)

      Complexity is complex, and bugs can and do happen, but this is why you must statically verify every contract and test it out even at the edge cases.
      That's not the issue here though.

      In this case the "hacker" got hold of a key that the contract recognized as an administrative key.
      The contract followed the instructions it was given, and the real story here is that Bancor's key management was shit,
      like committing your AWS API KEY to GitHub levels of bad.
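
An added example, not part of the comment above and not Bancor's code: a small Python model of why a contract obeys whoever holds the administrative key, and why the story's BNT could be frozen while the ETH could not. The class names, addresses and the freeze mechanism are assumptions; the amounts are the ones quoted in the story.

```python
# Constructed model, not Bancor's contract code. Addresses, class names and
# the freeze mechanism are assumptions made for illustration.
class Ledger:
    def __init__(self, issuer=None):
        self.balances = {}
        self.issuer = issuer      # None models ETH: nobody holds freeze authority
        self.frozen = set()
    def transfer(self, src, dst, amount):
        if src in self.frozen:
            raise PermissionError("source address is frozen")
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
    def freeze(self, caller, addr):
        if self.issuer is None or caller != self.issuer:
            raise PermissionError("no freeze authority")
        self.frozen.add(addr)

class Converter:
    def __init__(self, address, owner):
        self.address, self.owner = address, owner
    def withdraw(self, caller, ledger, to, amount):
        # `caller` stands for the address whose key signed the transaction.
        # The only check is key possession; identity or intent never enters.
        if caller != self.owner:
            raise PermissionError("caller is not owner")
        ledger.transfer(self.address, to, amount)

def replay():
    eth, bnt = Ledger(), Ledger(issuer="issuer")
    conv = Converter("converter", owner="admin")
    eth.balances["converter"], bnt.balances["converter"] = 24_984, 3_200_000
    out = {}
    try:
        conv.withdraw("outsider", eth, "thief", 1)
    except PermissionError as e:
        out["outsider"] = str(e)
    # A transaction signed with the stolen key is "admin" as far as the contract can tell.
    conv.withdraw("admin", eth, "thief", 24_984)
    conv.withdraw("admin", bnt, "thief", 3_200_000)
    bnt.freeze("issuer", "thief")
    for name, ledger in (("eth", eth), ("bnt", bnt)):
        try:
            ledger.transfer("thief", "exchange", ledger.balances["thief"])
            out[name] = "moved"
        except PermissionError as e:
            out[name] = str(e)
    return out
```
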

