A Twitter post confirmed the breach and Bancor’s halted operations, which the platform says is specifically to allow investigative work prior to a full statement being released “shortly.”
“This morning (CEST) Bancor experienced a security breach. No user wallets were compromised,” the tweet reads, continuing:
“To complete the investigation, we have moved to maintenance and will be releasing a more detailed report shortly. We look forward to being back online as soon as possible.”
As of press time Monday, the platform’s homepage redirects to a maintenance message, with provision for a return to normal service within “minutes” rather than hours or longer.
User funds remain intact due to Bancor not holding any cryptocurrency in hot wallets or otherwise on their behalf.
The malicious party exchanged some of the tokens via instant conversion service Changelly, the latter told Cointelegraph.
“Part of the stolen tokens were exchanged via Changelly,” CEO Konstantin Gladych told Cointelegraph in a statement, adding:
“Afterwards the tokens were frozen by the Bancor Foundation in our contract. Now we are helping track the stolen funds.”
Sources familiar with the matter also told Cointelegraph that the stolen tokens included Bancor’s native token BNT –– which the platform was able to freeze –– as well as around 25,000 Ethereum (ETH) ($12.2 mln) and 300,000 Pundi X (NPXS) ($1,200), which Bancor is in the process of tracking, reportedly with the help of other exchanges.
Bancor became well known after raising $153 mln in ETH in three hours during its Initial Coin Offering (ICO) in 2017, an unprecedented amount at the time.
Its decentralized structure has contributed to its security record, while major hacks have continued to rock centralized cryptocurrency exchanges – most notably Coincheck – throughout this year.
Vitalik Buterin, co-founder of Ethereum, delivered heavy criticism of centralized exchanges last week, saying he “hopes they burn in Hell.”