#BANCOR DATA BREACH: FROM CORUSCANT, WITH LOVE? – Part (0,0,0)
PREVIOUSLY on ADMP: On the 9th of July, the startup #BANCOR was hit by a ‘Data-Breach’ that sent the ‘crypto web’ in a frenzy! A year from now, in the hottest Crypto summer (#CRYPTOWARS, Ep3S1) of all time, in 2017, #BANCOR ICO raised $150M. in a matter of minutes!! We started covering this massive 2018 Hack last week, here’s the follow-up (Part 2/3) to that ‘tarantinesque’ breach!
By Hermann Djoumessi, MA
#ADMP Senior Crypto-Analyst & Community Manager
“ Was #BANCOR a properly decentralized solution or had it, at its core of its #Ethereum blockchain, a ‘Super-Power’ that would always give the Bancor institution, the ultimate right to switch the Bancor smart contract ‘on’ or ‘off’?? “
To translate: The question was made of three questions (We told you, Charlie was a smart twitterati!) :
1. Is Bancor a properly decentralized system?
2. If not, why is Bancor white paper claiming otherwise?
3. Is it true that Bancor can switch its Ethereum smart contract, ‘on’ and ‘off’ ?
– Question3 only arise, because of the breach, of course. Questions 1 and 2, already ‘agitated’, the numerous crypto-chatrooms on Facebook and Telegram, where ADMP often operates from, with its own channel, here. The hack was ‘tarantinoesque‘, as it required :
1. Multiple actors
2. Multiple timeline (or ‘Storylines)
3. Multiple exploits.
Let us explain below, what we mean by ‘Tarantinoesque’ exploit –> An ‘Exploit‘, being any method used by hackers to gain unauthorized access to a computer system :
=> Here in the BANCOR case, it was at first a ‘poke‘ to test the system, before a ‘double-swindle‘ via two different wallets. (#Multiple actors or wallets, here)
That sort of ‘complexity’ is ‘TarantinOesque‘ in its execution and timing! –> It is a reference to the complexity of Quentin Tarantino’s feature film scripts, and its non-linear storytelling, when filming ‘underworld’ characters.
⇒ That, was also the $13.5M. question asked on the floor of the Paris Blockchain conference on the 18th of July @ the Hyatt Regency in Porte Maillot (Paris). $13.5M. Which is the exact amount stolen from the #BANCOR servers and nodes.
FIRST THE FACTS:
On the 9th of july, skilled hackers transferred all funds to the following address:
Hackers in effect, had stolen the majority of the BNT token, from the 2 following wallets:
- 1.46M. BNT from: 0x0024d891047e844186758F89EB2F4DcFBB02C952 (BNT First ‘mark’ )
- 853K. BNT from: 0x009BB5e9fCF28E5E601B7D0e9e821da6365d0a9c (BNT 2nd ‘Mark’)
Hackers also took some BNT and remaining tokens, from this particular smart contract: https://etherscan.io/address/0x2d56d1904bb750675c0a55ca7339f971f48d9dda
The contract was known as the BancorConverter. Before we delve further into the discussion, let’s agree on some premises: …
* CONFLICTS, DID YOU SAY CONFLICT ?!? %*!
– Let’s face it, all sort of conflicts are bound to arise whether we are dealing with ‘Smarts contracts’ or “Cryptocurrency protocols”; Conflicts will arise as you scale up, inside and outside your organisation, it’s natural! –
Once you have a conflict, it is better to have an organization made of “human intelligence” or “natural person”, who could give out a smart resolution to conflict:
A quick, ‘common-sensed’ and ‘relevant to humans’ decision through voting or consensus. ==> Think for complex setups like gradual punishment, and fines, multiple languages translation systems, or rejections of ‘unruly’ members, or even rewards to staff or Bug bounty teams, etc…
* A PLAY FOR ‘GOOD’ GOVERNANCE?
A fact that would raise the issue of ‘Governance’ of those protocols, of course. It is the study of how human organisations (From the City, to not-for-profit, to foundation, to trust, etc..) function.
Most of these models take into account the challenges of managing complex beings like the humans and their multiple needs and wants. We also mentioned biometism as a source of inspiration for such endeavour, in previous articles.
⇒ This solution of ‘Human-based’ consensus, seems to be the most ‘realistic’, the most achievable especially for cryptocurrencies and smart contracts systems looking to serve the ‘mainstream economy’, often in multiple languages, or willing to comply to local Data protection regulations like the GDPR in Europe or the ‘Golden Shield ’ (The Great Firewall of China) in China.
3. LET’S NOT GET TOO TECHNICAL..
smart contract (also know as ‘Smart-Tract’) on the Ethereum #Blockchain, you will understand that there is such a thing, as a ‘Super-Power’ given to whomever created the smart contract in the first place, in solidity, the Ethereum coding language.
We won’t go deeper into the technical issues surrounding smart contract issuance here, however it is good to check the Blog post by ’Exposed Crypto.com’ on the Bancor Hack, here
It led some of us to conclude that following the Summer school ‘Blockchain-Ethical Hacking-Cyber Security’ seminar by Hermann Djoumessi @ the EPITA Computer & Data science engineering school of Paris, that you would have to consider different types of Blockchain ‘decentralized systems’.
4. FROM CORUSCANT, WITH LOVE ?
Using the ‘Star Wars’ analogy, the idea was that ‘Coruscant’, or Coruscant system, later known as the ‘Imperial system’, is an 11- planet system centered around the star Coruscant Prime and the galactic capital world of Coruscant.
To put it shortly, the ‘Capital-planet’ of the Empire, is located at the heart of the empire and should therefore always be referenced with the (0,0,0) coordinate.
The (0,0,0) coordinate should not, by the way, be confused with “Triple-Zeros” which are ‘protocol droid’ or robot specialized in etiquette and diplomacy, like C3-P0.
A (0,0,0) coordinate that could be ‘visible’ or ‘non-visible’ depending at which stage of the empire we are in :
⇒ ‘The rise of the insidious empire’: The (0,0,0) coordinate is hidden’
⇒ ’The establishment and deployment of the empire’: The (0,0,0) coordinate is visible and known to all –
Coming back to our Blockchain decentralized network analogy, if your system claimed to be decentralized and possessed a (0,0,0) coordinate hidden or otherwise, it could not be called ‘decentralized’!! But, that was not the only problem faced by the …
NEXT WEEK: We carry on exploring #Bancor’s Data breach, which is still THE crypto hack of 2018, so far and will conclude this Coruscant’ triple-post, too!
Thank you, you’re-far-too-kind :))
By Hermann Djoumessi, MA
ADMP Senior Crypto-Analyst & Community Manager
ADMP is SELF-FUNDED, PLEASE TIP US:
If you like what we do and want to support ADMP and the crypto ecosystem we are trying to build with many startups, then support our effort by tipping us below:
Send mail to: firstname.lastname@example.org
#ADMP on Twitter: #ADMP Awards
#ADMP on Facebook: #AFRIK+DIGITAL MARKETPLACE
#ADMP on Medium: https://medium.com/@admpawards
#ADMP on Reddit : https://www.reddit.com/user/admpawards
#ADMP on GooGle+: Team ADMP
#ADMP on Whatsapp: #ADMP Projects
#ADMP on Linkeldin : AWARDS ADMP