BonqDAO protocol suffers $120M loss after oracle hack

by Jeremy

A small-scale decentralized autonomous group (DAO) has suffered a slightly sizeable sensible contract exploit resulting in an estimated $120 million being stolen from its protocol.

BonqDAO, which is behind the Bonq protocol, informed its Twitter followers on Feb. 1 that its protocol was uncovered to an oracle hack that allowed the exploiter to control the value of the AllianceBlock (ALBT) token.

An impartial evaluation from blockchain safety agency PeckShield has estimated the loss from the Bonq hack to be round $120 million, comprising $108 million from 98.65 million BEUR tokens, and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.

Whereas the exploit took impact over a number of transactions, the most important was $82.19 million at 6:32pm UTC time on Feb. 1, in accordance to multi-chain portfolio tracker DeBank.

Many of the high-scale transactions passed off on the Polygon community.

The way it occurred

PeckShield defined that the exploiter was capable of change the updatePrice perform of the oracle in one in all BonqDAO’s sensible contracts which meant that they have been capable of manipulate the value of the wALBT token.

This triggered the exploitation of the wALBT and BEUR. The hacker then swapped about $500,000 value of BEUR for USDC on Uniswap earlier than burning all 113.8 million wALBT to unlock ALBT.

On-chain safety observer “Spreek” — who was one of many first to identify the exploit — acknowledged to his 18,800 Twitter followers that the exploiter later dumped extra BEUR and ALBT tokens for some USDC ($500,000) and 144 ETH (236,000).

PeckShield and others famous that the value of the BEUR and ALBT tokens went down significantly in a brief time period:

In a comply with up tweet, BonqDAO stated it has paused the protocol and is engaged on a restoration answer.

“Different troves stay unaffected. Bonq protocol has been paused. We’re engaged on an answer that may enable customers to withdraw all remaining collateral with out repaying BEUR within the troves. It will likely be launched tomorrow morning CET,” it stated.

AllianceBlock — the token issuers of ALBT — additionally shared the information on Feb. 1, explaining to its 51,300 Twitter followers that an exploiter managed to achieve entry to 113.8 million ALBT tokens.

The crew is within the strategy of eradicating all liquidity on Bonq and has halted trade buying and selling, it stated, including that no sensible contracts have been exploited on AllianceBlock.

The announcement from AllianceBlock additionally added that they’d mint new ALBT tokens to these impacted by the exploit up till the time of the announcement.

Associated: Tribe DAO votes in favor of repaying victims of $80M Rari hack

BonqDAO is a decentralized autonomous group (DAO) which goals to offer self-soverign monetary companies to people and companies interest-free with out giving up possession of their belongings.

AllianceBlock is a decentralized infrastructure platform that connects conventional monetary establishments to Web3 purposes.