Israeli Bancor hacked

[Guest]

~$20 M hack driving market.

[Guest]

https://techcrunch.com/2018/07/10/bancor-loses-23-5m/

 

Quote

Bancor, a crypto company that touts a decentralized exchange service, has lost some $23.5 million of cryptocurrency tokens belonging to its users following a hack.

 

[Guest]

Weekly event...

[Sarnos]

Guys do me a favour take good care of your cryptos... do not be the next youtuber crying about the loses.

[Pablo]

Here's the thing - decentralised exchanges rely to a large extent on smart contracts. Very few people understand the attack vectors for smart contracts or the underlying platforms used to design them. Smart contracts present huge attack surfaces - the smart contract software code, the smart contract logic (e.g. the voting systems on the DAO), the associated software libraries, the underlying platform and even the hardware (see for example the security vulnerabilities for Intel's SGX enclaves).

These all present opportunities for hackers. The challenges are not insurmountable but they are compounded because there is no organisation or coordinated effort to secure the entire ecosystem, and there is an asymmetric war going on because the rewards for identifying and patching issues are insignificant whereas the rewards for a successful hack are huge.

To put this in context, Bancor was warned last year of vulnerabilities with their ICO and trading platform by 2 of the best in the business. And yet here we are a year later.

The other issue is that a decentralised exchange is only a strong as its weakest link. If you can pwn any of the listed coins on that exchange, you have compromised the entire exchange because you simply trade out of the compromised currency to a safe, high liquidity currency. There are no KYC or AML programs and regulations are non-existent for many decentralised exchanges so it's too easy to launder the coins.

To top it all off, I don't even believe all of these publicised hacks/thefts are real. Tether (the company) had $30m "stolen" last November. You'd think that would be a big enough theft to invite a major police operation. That story was largely forgotten after a few days.

The moral of the story: no one seems to care too much and it has little to no effect on prices (e.g. Verge, which despite the algo issues, is still up 400% from Dec so has outperformed many of the top 10 currencies in the same timeframe - that is frankly incredible).

I leave you with these final words from the above article by Prof Sirer and Phil Daian:

Quote

Crypto prices rarely follow rational rules, historically, some of the flawed systems that we have highlighted in this blog have done well, partly due to the increased attention they have received. Caveat emptor.