AMLT Crypto Alert of the Week
The Bancor hack
Where did it go and how can we help prevent it?
Welcome to week 3 of the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high profile frauds/hacks etc that recently happened and have been reported into the AMLT Network and show how the AMLT Network can help track and prevent it in the future.
The other week, notable exchange Bancor had a wallet compromised attached to a smart contract leading to the theft of around $12.5 million worth of Ether, approximately $10 million worth of their own token, BNT, as well as around $1 million worth of Pundi X’s NPXS token. Since Bancor never holds nor has access to user wallets, no user funds were affected. After the breach occurred, we began documenting the process through the Coinfirm AML/KYC Platform and AMLT Network.
On July 9th, funds worth approximately $23.5M were taken from the originating address. Funds included:
- Approx $10M worth Bancor Tokens (BNT)
- Approx $12.5M worth Ethereum
- Approx $1M worth Pundi X Tokens (NPXS).
BNT Tokens: The affected BNT were frozen thanks to the Anti-Theft Override mechanism that Bancor Protocol designed for thefts.
Ether: Within 9 hours all of the Ether were moved from the Bancor address through different addresses to end up on the perpetrators address from which the funds have not moved since.
Pundi X Tokens: Between the 9th and 13th July 2018 all Pundi X Tokens were moved to 34 different addresses and then through over 100 different addresses from which they ended up on one of the largest exchanges in the world.
Once the addresses tied to the theft were reported they were implemented into the AMLT Network, analyzed for legitimacy and proof of data, and then implemented the data into the Coinfirm AML/KYC Platform. Below you see how the process worked and the end result on the AML/KYC Risk Report as the related addresses are now appropriately flagged with new risk indicators and C-score(Risk rating). In this case as the address hasn’t been 100% confirmed as belonging to the “hacker”, we have yet to set the behavior analysis profile as a hacker, but have related the incoming funds and address to the hack and flagged and rated it appropriately. With this system, in the near future, once funds are flagged in real-time by automated software, it could prevent liquidation on exchanges if the exchanges and the affected projects are able to connect the dots fast enough.
Now, any of the over 100 companies and financial institutions using the Coinfirm Platform can not only stop from taking on risk themselves but help stop spreading the stolen funds and risk throughout the system. If the perpetrators of such acts will have a harder time moving the funds easily through the system it will help combat their incentive and ability to do so in the first place. In this circumstance, if the parties that provided the addresses and data to the AMLT Network were Network Members, they would be rewarded in AMLT tokens that they can then use for reports and services on the Coinfirm AML/KYC Platform. Now any entity somehow participating or interacting with cryptocurrency has a system to submit data on nefarious actions as well as have a platform behind it that provides effective results, bringing a new level of transparency and security to the cryptocurrency economy.