Discussion: Bancor Security Breach
Hello guys,
I believe at this point everyone who is trading or is involved in cryptocurrencies has heard from the latest security breach. Bancor was hacked on the 9th of July 2018, a total of $23.5 million was stolen.
The funds can be located here:
- Address 1: 136,394,414.41 NPXS https://etherscan.io/address/0x33ed22f4b6b05f8a5faac4701550d52286bd735a
- Address 2: 25,533.61451775840108146 Ether (https://etherscan.io/address/0x8ddfdf60aaffe05c623ba193a186abd1f8024946)
- Address 3: 10.446923848869307 Ether (https://etherscan.io/address/0x5337a05cc6bcc36b9e70a4b2f81d4c7287aa742e)
To understand it more I've sorted the contracts and made up a name for them.
Contract 1: https://etherscan.io/address/0xc0829421c1d260bd3cb3e0f06cfe2d52db2ce315
Contract 2: https://etherscan.io/address/0xf20b9e713a33f61fa38792d2afaf1cd30339126a
Contract 3: https://etherscan.io/address/0x3839416bd0095d97be9b354cbfb0f6807d4d609e
Tracking Address 1
(1) Address 1 or "Fake_Phishing1701" currently holds 136,394,414.41 NPXS.
Checking the Token Transfers of Address 1 shows, that funds in form of NPXS where sent to multiple addresses - the total is: 92,962,230,5815655 NPXS. I checked most of the outgoing transactions and it appears that most of the funds are sitting in wallets, whereas some funds went to the Binance Wallet. Below you will see one of the many transactions. This would mean that those Pundi X tokens may have been traded.
The total amount of NPXS still on/moved by Address 1 is 229,356,645 NPXS
Tracking Address 2
Looking at the Ethereum transactions in Address 2 gives me a headache. I don't understand it. 3 addresses are over and over sending funds whereas Address 2 pushes funds into all 3 of them. The amount is mostly between 0.007 ETH and 0.01 ETH. Distraction? I clearly don't have enough knowledge to understand that process.
Looking at the token transfers, which are ERC-20 based: On the 9th of July 2018, 3,236,966 BNT where sent from Address 1 to Address 2. Those funds were then sent to 12 different addresses.
I've tracked the Addresses (seen above) and it appears that the BNT funds were either sent to Bittrex or Binance wallets.
(1) Address 2 -> BancorTokenContract
(2) BancorTokenContract -> Random address
(3) Random address -> Bittrex/Binance address
The info given in the news is without doubt correct
Even though this breach is nothing else than serious and concerning, have a look in the comments. https://etherscan.io/address/0x8ddfdf60aaffe05c623ba193a186abd1f8024946
It's truly amazing how many people (154 comments at the time of writing) try their luck to get some of the stolen cryptocurrencies. If the funds were sent to those people, wouldn't they automatically be involved in the criminal act?
This isn't the first theft in this year!
- In early June, 38,642 ETH (~$20 million) was stolen from insecure Ethereum nodes over the course of three months before the issue was exposed.
- On June 19, Korean cryptocurrency exchange Bithumb was hacked for 350 billion KRW (~$30 million) and was forced to suspend new user account registrations until the security breach was resolved.
Cheers
Very interesting story, it seems that although slightly better forms of security have been increased since mt. Gox, I'd say the number of hacks of exchanges has been consistant maybe even more since more exchanges with volume now but once every month or couple months on average.
You have a minor misspelling in the following sentence:
It should be noticeable instead of noticable.Congratulations @cryptofriendly! You have completed the following achievement on Steemit and have been rewarded with new badge(s) :
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOPTo support your work, I also upvoted your post!
Do not miss the last post from @steemitboard:
SteemitBoard World Cup Contest - Croatia vs England
Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes