Wednesday, May 29, 2024

BonqDAO suffered a $120 million loss after an oracle hack


A small-scale decentralized autonomous organization (DAO) suffered a fairly large smart contract exploit that led to an estimated $120 million being stolen from its protocol.

BonqDAO, the company behind the Bonq protocol, told its Twitter followers on February 1 that its protocol was subjected to an oracle hack that allowed an exploiter to manipulate the price of the AllianceBlock (ALBT) token.

According to an independent analysis from blockchain security firm PeckShield, the loss from the Bonq hack is estimated to be around $120 million, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million ALBT (wALBT) tokens.

While the exploit was carried out over several transactions, the largest was $82.19 million at 6:32 PM UTC on February 1, according to multi-chain wallet tracker DeBank.

Most of the large-scale transactions took place on the Polygon network.

How did that happen?

PeckShield explained that the exploiter was able to alter the update price function of the oracle in one of the BonqDAO smart contracts, which means they were able to manipulate the price of the wALBT token.

This led to exploits of wALBT and BEUR. The hacker then exchanged $500,000 worth of BEUR for USDC on Uniswap before burning 113.8 million wALBT to unlock ALBT.

On-chain security monitor “Spreak”, who was one of the first to discover the vulnerability, reported to his 18,800 Twitter followers that the exploiter later dumped more BEUR and ALBT tokens for some USDC ($500,000) and 144 ETH ($236,000).

PeckShield and others noted that the prices of the BEUR and ALBT tokens dropped dramatically in a short period of time.

In a follow-up tweet, BonqDAO said it has paused the protocol and is working on a recovery solution.

“Other burial is not affected. The Bonq protocol has been paused. We are working on a solution that will allow users to withdraw all remaining collateral without paying BEUR in payments. It will be released tomorrow morning CET.”

AllianceBlock – the issuer of ALBT tokens – also shared the news on February 1, explaining to its 51,300 Twitter followers that an exploiter gained access to 113.8 million ALBT tokens.

The team is in the process of removing all liquidity on Bonq and halting exchange trading, it said, adding that none of AllianceBlock's own smart contracts have been exploited.

AllianceBlock’s announcement also added that they will be issuing new ALBT tokens for those affected by the exploit as of the time of the announcement.


BonqDAO is a decentralized autonomous organization (DAO) that aims to provide interest-free, self-sovereign financial services to individuals and companies without giving up ownership of their assets.

AllianceBlock is a decentralized infrastructure platform that connects traditional financial institutions with Web3 applications.