• A decentralized autonomous organization (DAO) called BonqDAO has suffered a smart contract exploit, leading to an estimated $120 million being stolen from its protocol.
• The exploit allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token, leading to large-scale transactions on the Polygon network.
• An independent analysis from blockchain security firm PeckShield estimated the loss from the Bonq hack to be around $120 million, comprising $108 million from BEUR tokens and $11 million from wALBT tokens.
The decentralized autonomous organization (DAO) known as BonqDAO has recently suffered a devastating smart contract exploit, leading to an estimated $120 million being stolen from its protocol. The malicious actor was able to manipulate the price of the AllianceBlock (ALBT) token, leading to a large number of transactions on the Polygon network.
An independent analysis from blockchain security firm PeckShield estimated the total loss from the Bonq hack to be around $120 million, comprising $108 million from 98.65 million BEUR tokens, and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.
The malicious actor was able to exploit the Bonq protocol by manipulating the price of the wALBT token. This was made possible by exploiting the updatePrice function of the oracle in one of BonqDAO’s smart contracts. Through this exploit, the malicious actor was able to increase the price of the ALBT token and mint large amounts of BEUR.
The BEUR was then swapped for other tokens on Uniswap, and then the price was decreased to nearly zero, which triggered the liquidation of ALBT troves. The largest transaction was $82.19 million at 6:32 pm UTC time on Feb. 1, according to multichain portfolio tracker DeBank.
The BonqDAO team is currently working with numerous security teams to investigate the hack and to ensure that a similar exploit will not occur in the future. They are also working to provide compensation to impacted users, and have asked users to contact them if they have been affected.
The BonqDAO team has also stated that they plan to implement additional security measures to help prevent any future exploits, as well as ensure that their protocols remain secure. In addition, they are also looking into ways to improve the oracle system, and are working with the AllianceBlock team to ensure that the ALBT token remains secure.
The BonqDAO team has also stated that they plan to release a full post-mortem of the incident in the near future. This post-mortem will provide more details on the incident and the actions taken to prevent any future exploits from occurring.
The BonqDAO incident serves as a stark reminder of the importance of security measures in the cryptocurrency space. While the security of decentralized protocols is often touted as one of the key advantages of blockchain-based systems, the BonqDAO incident serves as a reminder of the risks associated with these systems, and the need for users to remain vigilant when using them.