Bancor, a decentralized crypto exchange that raised $153 million in June 2017, has lost $12.5 million in ether, the native cryptocurrency of Ethereum, in a recent security breach. However, the blockchain protocol and its developers were criticized not for the theft of their funds, but for their ability to freeze funds using a centrally controlled system.
Start of Controversy: Freezing Stolen BNT
Almost immediately after the security breach came to light, the Bancor development team released a statement which claimed that 24,984 ETH, equivalent to $12.5 million, was withdrawn from the BNT smart contract. The developers clarified that the affected wallet is not a user wallet and that no user funds were stolen at any point during the breach.
Controversy emerged when the Bancor team claimed that it had frozen the stolen BNT to limit the damage the breach could have caused to the Bancor ecosystem. The official statement from the Bancor team read:
“Once the theft was identified, we were able to freeze the stolen BNT, limiting the damage to the Bancor ecosystem from the theft. The ability to freeze tokens was built into the Bancor Protocol to be used in an extreme situation to recover from a security breach, allowing Bancor to effectively stop the thief from running away with the stolen tokens.”
The outcome of the fund freeze was positive, given that the Bancor team was able to stop the hackers from stealing more funds. The issue with the Bancor team's statement, raised especially by experts in the cryptocurrency community, is that a centralized party or arbitrator at Bancor must decide whether an event or case counts as an “extreme situation” before freezing funds on the Bancor network.
The fundamental purpose of public blockchain technology is to enable the transfer of data in a truly peer-to-peer and trustless ecosystem. If there exists a centralized group of individuals or arbitrators that has the power to freeze funds, the decentralized nature of the project will inevitably be questioned by both developers and experts in the community.
Reaction From Experts
Jackson Palmer, the creator of Dogecoin and product lead at Adobe, said that the key issue is not the hack itself, but rather the built-in, centrally controlled system of the Bancor network and other decentralized applications on Ethereum.
“The key thing here is not the hack itself – it is a fact the Bancor team could freeze funds. How many other “decentralized” DApps have a built-in kill switch that’s centrally controlled?” Palmer said.
Litecoin creator and former Coinbase director of engineering Charlie Lee echoed Palmer's sentiment and said that the decentralized nature of Bancor could be questioned in this case. Lee noted:
“A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization.”
Emin Gun Sirer, a professor at the prestigious Cornell University, also condemned the centrally controllable system implemented by Bancor, stating that the network should have integrated a solution in its core contract to avoid a sudden extraction of funds.