The attack highlights both the perks and drawbacks of centralized authority in cryptocurrency exchange and blockchain technology.
Bancor announced on Monday via tweet[1] that "a wallet used to upgrade some smart contracts was compromised," and a total of roughly $23.5 million worth of Ether, Pundi X (NPXS) tokens, and Bancor Network tokens (BNT) were stolen. Roughly $10 million was in BNT. In response, Bancor used its authority to freeze the stolen BNT tokens, preventing the thief from running away with that value.
Bancor is a blockchain protocol that circumvents the need for cryptocurrency exchanges like Coinbase by allowing users to convert tokens directly and instantly through its EDCCs (or smart contracts). When the company launched its ICO in June 2017, it raised a record-breaking[2] $153 million in less than three hours. Bancor's market capitalization is almost $140 million, and in a recent blog post[3] celebrating its one-year anniversary, it touted "$1 billion in token conversions between more than 27,000 unique wallet addresses, achieving over $21 million in daily conversions on peak days."
Despite its evident popularity, Bancor's protocol has been controversial from day one due to the centralized[4] nature of its native coin. Critics of the technology argue that the company can create, destroy, and freeze tokens at will, requiring a great deal of user trust in one entity for a technology that claims to be decentralized.
Bancor's Twitter feed suggests more than a few people were unsurprised by the attack and scoffed at the company's choice to freeze the funds.
Moreover, the hack was apparently achieved through a compromised wallet that allowed Bancor to update EDCCs. The fact that Bancor's wallet is capable of updating EDCCs is in and of itself a controversial facet of Bancor's protocol,