Crypto Security: Attacks, Hacks, and Theft

An anonymous developer/developer team known as BitPico decided to stress-test (attack) the Bitcoin Cash (BCH) network. In this attempt, they allegedly discovered new evidence of the centralization of its nodes.

According to BitPico, “98% of the shown nodes are sitting in the same server rack.” The stress test was launched in June and they claimed that Roger Ver, the most notable BCH supporter, would now cry as they would accumulate 5000 attack nodes for BCH in 6 weeks.

“We don’t think the [Bitcoin Cash] people understand how easy it is to bring their network down,” BitPico added.

BCH has been heavily criticized for its lack of decentralization long before the discovery of the node locations. Last December 2017, Nick Szabo, a cryptography pioneer and one of the most respected person in the crypto space, called BCH a “centralized sock puppetry” after evidence surfaced showing half of the coins in Alibaba servers.

Meanwhile, Vitalik Buterin, Ethereum’s co-founder, slammed centralized crypto exchanges in a recent interview at TechCrunch. He said “I definitely hope centralized exchanges go burn in hell as much as possible.”

His criticism was largely based on their insanely high listing fees ($10 to $15 million) in order for crypto tokens to be traded on their platform as well as the fact that they have the leverage to decide which cryptocurrencies will “become big.” He also added that decentralization (of exchanges) would better suit the “blockchain values” of “openness and transparency.”

However, decentralized exchanges are not perfect either. They lack liquidity compared to their centralized counterparts and they have proven to be hackable at least at present.

In an ironic chain of events that would later transpire, Bancor expressed their support for Vitalk’s stance on centralized exchanges days before their DEX (decentralized exchange) was hacked.

According to their tweet “Burning in hell is a bit extreme” but they do agree that decentralized solutions “such as Bancor—are the future of blockchain and value exchange.”

As if fate was playing games, Bancor subsequently got hacked. Over $23 million worth of crypto was stolen from its users on July 9.

The Israel-based company launched their ICO in June last year and raised $150 million, one of the highest ICO funding to date. They have their own native token called BNT. According to Bancor, “a wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH ($12.5 million).” The same wallet also stole roughly $10 million worth of BNT and $1 million worth of NPXS.

The hackers allegedly have converted some of the stolen assets into fiat using Changelly, an instant crypto exchange. “Once the theft was identified, we were able to freeze the stolen BNT.” Bancor also said that they cannot do the same to ETH or any other stolen tokens and that the ability to freeze tokens was built into the Bancor protocol to be used only for extreme situations.

They are currently working with other exchanges to help trace the stolen funds and prevent the hackers from liquidating all of them. Despite their efforts in remedying the situation, Bancor still received criticism namely on twitter for their methods and lack of security, including Litecoin founder Charlie Lee. Lee made a tweet stating “that wallet has the ability to steal coins out of their own smart contracts. An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization.”

This security breach on top of the recent Binance API hack shows that no crypto exchange is completely secure, centralized or decentralized. Although some individuals in the crypto community question Bancor’s claim to be decentralized, we need to tread with caution as this is a very new but powerful technology that attracts the good and malicious people alike.

With that in mind, it might be a good idea to consider looking into hybrid exchanges which leverage the pros of centralized and decentralized exchanges in one platform. We recently made an ICO review of a hybrid platform called AES Signatum you might want to check it out.