Bancor, a decentralized Liquidity provider, has reported vulnerability on its BancorNetwork v0.6 new smart contract protocol, which might have led to a loss of user funds.
Announced publicly on Thursday, the vulnerability was detected by the security team of the Blockchain project on Tuesday. The developers also carried out a controlled independent attack on the network exploiting the vulnerability to transfer all assets to safe addresses.
Last night, a vulnerability was discovered in a new version of the BancorNetwork v0.6 contract deployed on June 16 2020.
Any users who has traded with Bancor in the last 48hrs and given approvals to the Bancor contract, go to https://t.co/bCdpVtfPOC and revoke all approvals. — Bancor (@Bancor) June 18, 2020
They also assured that all tools on Bancor are now safe.
Users are reporting a loss of funds
The users who made transactions in the 48 hours after the discovery and announcement of the vulnerability have been asked to follow some instructions and withdraw all transactions associated with the three addresses of the smart contract.
The mentioned impacted addresses are 0x8dFEB86C7C962577deD19AB2050AC78654feA9F7; 0x5f58058C0eC971492166763c8C22632B583F667f; and 0x923cAb01E6a4639664aa64B76396Eec0ea7d3a5f.
The developers warned that the funds in these wallets might get affected due to the vulnerability.
According to initial reports, the amount of BNT tokens that were drained totaled around $460,000.
Though not verified yet, some users are already reporting losses of funds stored in Bancor tokens.
I have lost more than 10,000 BNT, How did it back to my account?
— moremore (@moremor91798033) June 18, 2020
The impact of the vulnerability can be clearly seen in the cryptocurrency market as BNT token prices dropped 10 percent in the last few hours drag.
Though criticized by many, Bancor is a popular blockchain project. Last week, Coinbase announced that it is considering listing the token on its exchange, which might give its prices a massive boost.
Notably, the Bancor protocol was also hacked in 2018, resulting in a loss of $12 million worth crypto and a halt in its operations.