Exclusive: Bancor Responds to Hack - “Our Wallets Have Been Battle-Tested”

Monday, 23/07/2018 | 12:02 GMT by Rachel McIntosh
  • Omri Cohen and Eyal Hertzog defend the Bancor network's response to this month's hack.
Exclusive: Bancor Responds to Hack - “Our Wallets Have Been Battle-Tested”

Earlier this month, the Bancor network experienced a multi-million dollar hack. Recently, Finance Magnates spoke with Eyal Hertzog, co-founder of Bancor, and Omri Cohen, head of growth at Bancor, about the recent hack, Bancor’s future, and the crypto industry at large.

“A Bancor wallet was broken into, and that wallet had access to certain smart contracts. Some tokens were stolen from those smart contracts on the network, totalling about $23.5 million,” Omri began. “We can’t really speak to the details of the investigation while they’re being reviewed,” although he did confirm that a criminal investigation is being conducted by an organization he said he couldn’t name.

“All wallets on the Bancor network are fully on-chain and fully decentralized. Bancor doesn’t have access to any of these wallets. So, no matter what, not a single user wallet was broken into. There was no breach. It was just the smart contracts,” he said.

“Before this, we had some severe security audits - some really intense audits on that front - and they passed," he added. "Now we even have real proof in the field.”

Is Bancor a Decentralized Network?

The hack brought some of the long-standing criticisms of the Bancor network back out into the light. Namely, the fact that Bancor has a sort of ‘emergency switch’: a mechanism that allows the network’s operators to freeze BNT tokens. Critics argue that the existence of the mechanism means that Bancor is not a truly decentralized network.

“It’s ironic that these conversations are coming up. I’m very glad that this thing has led to these conversations, because I think it’s very healthy for the ecosystem to grow in this way.

“There’s going to be a lot of people that remember the DAO attack on the Ethereum network where $150 million was stolen from a smart contract. At the time, there was a very similar conversation - what do we do when all this money is stolen? Do we let the thief get away with $150 million and compromise the integrity of the network? Or do we stop him?”, Omri asked.

He went on to say that “the Ethereum community chose to prevent the thief from getting the $150 million. There was a hard fork, and Ethereum Classic was formed. Ethereum Classic today has about two percent of the market cap of Ethereum. Ethereum Classic chose to have this completely hands-off approach to crime - you get your money stolen, you’re out of luck. Most people actually support preventing thieves from stealing money.”

Omri added that “for us, the integrity of the Bancor network is more important” than the philosophical debate over what true decentralization really means.

“I think there’s also confusion, because [people] say, ‘Oh, if you have central power, then you’re just like the banks!’,” added Eyal. However, he argued that “it’s not as much about the control as it is the forkability. “You can fork a decentralized system. That’s what makes it decentralized. [Forkability] makes it so that no one can own it--how can you own something when it can be forked?”

“You can’t fork a bank,” he continued. “I think this is the most important aspect of decentralization…[because] if you know that you can be forked at any moment, then you wouldn’t dare do something that isn’t completely dedicated to the benefit of your community.”

“If you have the ability to stop thieves when they essentially attack the community, then it doesn’t make sense not to have [the emergency mechanism]. When they didn’t have it, with the DAO, they actually forked the entire Blockchain . If the DAO had this emergency switch, they wouldn’t have forked Ethereum. That was their greatest mistake, and it’s important to learn from those mistakes.”

“I definitely think that when a system is built in such way that it has some level of governance, obviously, you’re introducing some kind of vulnerability that wasn’t there before. However, we already saw how risky it is how not to have that.”

“I think it’s a conversation of the better of two evils,” Omri interjected. “Ultimately, we do live in a world where these kinds of attacks and these kinds of crimes happen. So the question is, what do we do about it? Let them happen? Find a way to prevent them? What’s more important?”

Eyal added that “some people still think that we should only build systems that when we finish building them, we release them to the world and we make them immutable forever and ever and ever and it’s gonna be great. It doesn’t work like that.” He said that the moment when you release a system to the public is when you only start to begin what its users really need and that therefore, a system of governance is vital.

To hear the rest of this interview, please click on the Soundcloud and Youtube Links.

Earlier this month, the Bancor network experienced a multi-million dollar hack. Recently, Finance Magnates spoke with Eyal Hertzog, co-founder of Bancor, and Omri Cohen, head of growth at Bancor, about the recent hack, Bancor’s future, and the crypto industry at large.

“A Bancor wallet was broken into, and that wallet had access to certain smart contracts. Some tokens were stolen from those smart contracts on the network, totalling about $23.5 million,” Omri began. “We can’t really speak to the details of the investigation while they’re being reviewed,” although he did confirm that a criminal investigation is being conducted by an organization he said he couldn’t name.

“All wallets on the Bancor network are fully on-chain and fully decentralized. Bancor doesn’t have access to any of these wallets. So, no matter what, not a single user wallet was broken into. There was no breach. It was just the smart contracts,” he said.

“Before this, we had some severe security audits - some really intense audits on that front - and they passed," he added. "Now we even have real proof in the field.”

Is Bancor a Decentralized Network?

The hack brought some of the long-standing criticisms of the Bancor network back out into the light. Namely, the fact that Bancor has a sort of ‘emergency switch’: a mechanism that allows the network’s operators to freeze BNT tokens. Critics argue that the existence of the mechanism means that Bancor is not a truly decentralized network.

“It’s ironic that these conversations are coming up. I’m very glad that this thing has led to these conversations, because I think it’s very healthy for the ecosystem to grow in this way.

“There’s going to be a lot of people that remember the DAO attack on the Ethereum network where $150 million was stolen from a smart contract. At the time, there was a very similar conversation - what do we do when all this money is stolen? Do we let the thief get away with $150 million and compromise the integrity of the network? Or do we stop him?”, Omri asked.

He went on to say that “the Ethereum community chose to prevent the thief from getting the $150 million. There was a hard fork, and Ethereum Classic was formed. Ethereum Classic today has about two percent of the market cap of Ethereum. Ethereum Classic chose to have this completely hands-off approach to crime - you get your money stolen, you’re out of luck. Most people actually support preventing thieves from stealing money.”

Omri added that “for us, the integrity of the Bancor network is more important” than the philosophical debate over what true decentralization really means.

“I think there’s also confusion, because [people] say, ‘Oh, if you have central power, then you’re just like the banks!’,” added Eyal. However, he argued that “it’s not as much about the control as it is the forkability. “You can fork a decentralized system. That’s what makes it decentralized. [Forkability] makes it so that no one can own it--how can you own something when it can be forked?”

“You can’t fork a bank,” he continued. “I think this is the most important aspect of decentralization…[because] if you know that you can be forked at any moment, then you wouldn’t dare do something that isn’t completely dedicated to the benefit of your community.”

“If you have the ability to stop thieves when they essentially attack the community, then it doesn’t make sense not to have [the emergency mechanism]. When they didn’t have it, with the DAO, they actually forked the entire Blockchain . If the DAO had this emergency switch, they wouldn’t have forked Ethereum. That was their greatest mistake, and it’s important to learn from those mistakes.”

“I definitely think that when a system is built in such way that it has some level of governance, obviously, you’re introducing some kind of vulnerability that wasn’t there before. However, we already saw how risky it is how not to have that.”

“I think it’s a conversation of the better of two evils,” Omri interjected. “Ultimately, we do live in a world where these kinds of attacks and these kinds of crimes happen. So the question is, what do we do about it? Let them happen? Find a way to prevent them? What’s more important?”

Eyal added that “some people still think that we should only build systems that when we finish building them, we release them to the world and we make them immutable forever and ever and ever and it’s gonna be great. It doesn’t work like that.” He said that the moment when you release a system to the public is when you only start to begin what its users really need and that therefore, a system of governance is vital.

To hear the rest of this interview, please click on the Soundcloud and Youtube Links.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 55 Followers
About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.
  • 1509 Articles
  • 55 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}