A critical bug in three newly deployed Bancor Network smart contracts caused direct-swap users to grant infinite ERC-20 approvals to a vulnerable contract, allowing approved tokens to be withdrawn from their wallets. Bancor and suspected white hats began moving funds to protect users, but two automated front-runners also joined and successfully front-ran some rescue transactions. The source attributes 62 withdrawal transactions and about $409,656 to the Bancor rescue activity, 16 transactions and $131,889.34 to one front-runner, and four transactions worth $3,340 to another. In total, user wallets were drained for about $545,423, leaving users at risk until they revoked the vulnerable approvals.