March 31, 2023


Your trusted source for crypto news and insights

BonqDAO Protocol Suffers $120 Million Loss in Oracle Hack

3 min read

The BonqDAO, a small decentralized autonomous organization (DAO), experienced a major smart contract exploit resulting in the theft of approximately $120 million from its protocol.

On February 1st, BonqDAO informed its Twitter followers that the Bonq protocol was vulnerable to an oracle hack, which allowed the attacker to manipulate the price of the AllianceBlock (ALBT) token.

According to report from PeckShield, a blockchain security company, the Bonq hack resulted in losses estimated at $120 million. The majority of the loss, $108 million, was from the 98.65 million BEUR tokens while $11 million came from 113.8 million wALBT tokens.

DeBank, a multi-chain portfolio tracker, reported that the biggest transaction of the exploit occurred at 6:32 PM UTC on Feb. 1 and was worth $82.19 million.

The bulk of these high-volume transactions occurred on the Polygon network.

How it Occurred

According to PeckShield, the attacker modified the “updatePrice” function of an oracle in one of BonqDAO’s smart contracts, granting them the ability to distort the value of the wALBT token.

The exploitation of wALBT and BEUR resulted in the hacker swapping $500,000 worth of BEUR for USDC on Uniswap and burning all 113.8 million wALBT to access ALBT.

The first to detect the exploit, “Spreek”, reported that the hacker sold additional BEUR and ALBT for USDC ($500,000) and 144 ETH (236,000).

The value of BEUR and ALBT declined significantly in a short span of time, as noted by PeckShield and others.

BonqDAO has announced that it has temporarily paused its protocol and is working on a recovery solution for its users.

The team is developing a solution that will allow users to withdraw all remaining collateral without repaying BEUR in the troves.

This solution is set to be released tomorrow morning CET. AllianceBlock, the token issuer of ALBT, also confirmed that an exploiter gained access to 113.8 million ALBT tokens.

In response, the team is removing all liquidity from Bonq and has temporarily suspended exchange trading. No smart contracts were compromised on AllianceBlock.

AllianceBlock announced that they would mint new ALBT tokens to compensate those affected by the exploit until the time of the announcement.

“BonqDAO is a decentralized autonomous organization that offers self-sovereign financial services, allowing individuals and businesses to access interest-free services without losing control of their assets.

AllianceBlock, on the other hand, is a decentralized infrastructure platform bridging traditional finance and Web3 applications.”

Source link