The Bancor decentralized exchange has released a statement saying that it discovered a loophole in its recently updated smart contracts. According to the official tweet from the exchange, the vulnerable smart contract was discovered on June 16. The company stated that, since discovering the loophole, it has been trying to hack its own database to save as many user funds as possible from outside attack.
New loophole discovered by Bancor
The bug discovered in the updated release of the Bancor exchange smart contracts could result in the loss of clients' funds on the platform. Hex Capital, a crypto investment firm, noted that the issue allowed an unauthorized person to call the "safeTransferFrom" function. This function moves ERC-20 tokens out of a holder's balance against the allowance the holder has approved. Following this development, Bancor has advised its users on the smart contracts platform to revoke their previous withdrawal approvals. Bancor added that users can do the revoking on a secure website called approved.zone.
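Why revoking an approval protects a holder, shown as an added example that is not Bancor's contract code: a simplified Python model of an ERC-20 allowance and an exchange helper that either accepts any caller or rejects outside callers. All class names, function names, account labels and amounts are assumptions made for illustration.

```python
# Simplified model constructed for illustration; not Bancor's contract code.
class Token:
    """Minimal ERC-20-style ledger: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("allowance or balance exceeded")
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Exchange:
    """Contract that users have approved as a spender of their tokens."""
    def __init__(self, token, internal_only):
        self.token = token
        self.internal_only = internal_only  # False models the flawed release

    def safe_transfer_from(self, caller, owner, to, amount):
        # Hardened form: outside callers cannot reach the helper.
        if self.internal_only and caller != "exchange":
            raise PermissionError("helper is not callable from outside")
        # The token sees the exchange as spender, so the user's approval applies.
        self.token.transfer_from("exchange", owner, to, amount)


def holder_balance_after(internal_only, revoked):
    """Return the holder's balance after an outside caller tries the helper."""
    token = Token({"holder": 100})
    exchange = Exchange(token, internal_only)
    token.approve("holder", "exchange", 100)
    if revoked:
        token.approve("holder", "exchange", 0)  # what revoking an approval does
    try:
        exchange.safe_transfer_from("outsider", "holder", "outsider", 100)
    except PermissionError:
        pass
    return token.balances["holder"]


if __name__ == "__main__":
    for internal_only, revoked in [(False, False), (False, True), (True, False)]:
        print(internal_only, revoked, holder_balance_after(internal_only, revoked))
```

In the model, the holder keeps the full balance either when the approval has been set back to zero or when the helper rejects outside callers; only the combination of an open helper and a live approval loses funds.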
After the bug was discovered, the Bancor team of developers and analysts took a rather surprising approach to tackling the situation. They are said to be exploiting the loophole in the smart contracts themselves by performing a “white hack attack”. However, Hex Capital has said that the team discovered the loophole very late, as some funds had reportedly already been stolen.
Front runners used bots to steal funds, report says
According to an investigation conducted by 1inch.com, as soon as the Bancor development team started to drain the funds they could reach through their hack, two known front runners started copying their transactions. Bots were automatically set up to take advantage of the hack, and they were able to steal a fifth of the user funds on the platform. 1inch was quoted as saying, “The Bancor team rescued $409,656 in total and spent 3.94 ETH for gas, while automatic front-runners captured $135,229 and spent 1.92 ETH for gas. Users were charged for $544,885 in total.”
However, there is hope of retrieving the stolen funds, as the bots displayed the contact details of the front runners. Additionally, one of the front runners has said he will return the funds. Following the recent hack on the smart contracts platform, Bancor has said that it will do all it can to increase the security of its platform after it gets the stolen funds back.