Bancor

Quick Summary

Bancor smart contracts were compromised due to a security breach in a wallet used for upgrades, leading to a loss of approximately
24,984 ETH and other tokens worth around $23.5M.




Details of the Exploit

The attacker compromised a wallet used for upgrading smart contracts and withdrew 24,984 ETH (~$12.5M) from the BNT smart
contract. The same wallet was also used to steal 229,356,645 NPXS (~$1M) and 3,200,000 BNT (~$10M). The stolen funds were
transferred to multiple wallets before being deposited into the Huobi exchange.




Block Data Reference

The transactions related to the attack can be traced through the following links:

- Initial withdrawal of Bancor's ETH: [Transaction
Link](https://etherscan.io/tx/0xf9fe97d642705fa016c4f8d11ea13ce581ba75c57ac455586254e15d915e9bde)

- Additional ETH received by Phishing1701: [Transaction
Link](https://etherscan.io/tx/0xfdb8d337b4b96d186375355bc0231ad4ee04ab2556fb9628bbf382343cb2c833)

- Conversion of Bancor's ETH into Ether: [Transaction
Link](https://etherscan.io/tx/0x43a964e635f31b0cc329db6f980f09096054e4e3a627c85654852fd026b92ba0)

- Transfer of ETH to Phishing1702: [Transaction
Link](https://etherscan.io/tx/0x4a47e32d4e1f90457b65b73bff0770caa6810880ad50a2f03a62d8a525b62b9f)

- Transfer of ETH to Phishing1703: [Transaction
Link](https://etherscan.io/tx/0x2c281aa4ee30d4d0a5dcd77bb80bc66f13d027bb828f5e4b3be7ff8bd47999a2)

- Transfer of ETH to the hacker's wallet: [Transaction
Link](https://etherscan.io/tx/0x1890d018b54fc773ca153701f64b0668d278e15ee9f99abad11635d24ec0babe)

- Transfer of ETH to an external wallet: [Transaction
Link](https://etherscan.io/tx/0x492650541da5a2839e3314885fae541e68932a5410eb708f843a250e2863d57d)

- Deposit of ETH into the Huobi exchange: [Wallet
Address](https://etherscan.io/address/0xd294ac18b524ff59ab7fffcbd459f11128220550)

Quick Summary

Bancor smart contracts were compromised due to a security breach in a wallet used for upgrades, leading to a loss of approximately
24,984 ETH and other tokens worth around $23.5M.




Details of the Exploit

The attacker compromised a wallet used for upgrading smart contracts and withdrew 24,984 ETH (~$12.5M) from the BNT smart
contract. The same wallet was also used to steal 229,356,645 NPXS (~$1M) and 3,200,000 BNT (~$10M). The stolen funds were
transferred to multiple wallets before being deposited into the Huobi exchange.




Block Data Reference

The transactions related to the attack can be traced through the following links:

- Initial withdrawal of Bancor's ETH: [Transaction
Link](https://etherscan.io/tx/0xf9fe97d642705fa016c4f8d11ea13ce581ba75c57ac455586254e15d915e9bde)

- Additional ETH received by Phishing1701: [Transaction
Link](https://etherscan.io/tx/0xfdb8d337b4b96d186375355bc0231ad4ee04ab2556fb9628bbf382343cb2c833)

- Conversion of Bancor's ETH into Ether: [Transaction
Link](https://etherscan.io/tx/0x43a964e635f31b0cc329db6f980f09096054e4e3a627c85654852fd026b92ba0)

- Transfer of ETH to Phishing1702: [Transaction
Link](https://etherscan.io/tx/0x4a47e32d4e1f90457b65b73bff0770caa6810880ad50a2f03a62d8a525b62b9f)

- Transfer of ETH to Phishing1703: [Transaction
Link](https://etherscan.io/tx/0x2c281aa4ee30d4d0a5dcd77bb80bc66f13d027bb828f5e4b3be7ff8bd47999a2)

- Transfer of ETH to the hacker's wallet: [Transaction
Link](https://etherscan.io/tx/0x1890d018b54fc773ca153701f64b0668d278e15ee9f99abad11635d24ec0babe)

- Transfer of ETH to an external wallet: [Transaction
Link](https://etherscan.io/tx/0x492650541da5a2839e3314885fae541e68932a5410eb708f843a250e2863d57d)

- Deposit of ETH into the Huobi exchange: [Wallet
Address](https://etherscan.io/address/0xd294ac18b524ff59ab7fffcbd459f11128220550)