BanklessTimes
Home News BonqDAO Loses $120M in Exploit, Most Transactions on Polygon

BonqDAO Loses $120M in Exploit, Most Transactions on Polygon

Daniela Kirova
Daniela Kirova
Daniela Kirova
Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
February 2nd, 2023
  • Protocol suffered an oracle hack, enabling the attacker to manipulate the price of the ALBT token
  • Hacker stole BEUR tokens worth $108 million and wrapped-ALBT tokens worth $11 million

BonqDAO, a small decentralized autonomous organization (DAO) providing autonomous financial services to companies and individuals without interest, suffered a serious smart contract exploit, resulting in a loss of around $120 million from its protocol, CoinTelegraph reported.

DAO was exposed to a massive oracle hack

On February 1, BonqDAO tweeted that its protocol had suffered an oracle hack, enabling the attacker to manipulate the price of the ALBT token, issued by AllianceBlock. AllianceBlock is a platform that connects Web3 apps with traditional financial institutions.

The goal of an oracle hack is to gain unauthorized access to sensitive information stored in the system, which could include confidential data such as financial information, personal data of clients, or intellectual property. This type of attack often exploits vulnerabilities in the software or configuration.

Losses were from BEUR and ALBT tokens

Blockchain security company PeckShield conducted an independent analysis, according to which Bonq lost an estimated $120 million. The hacker stole just under 99 million BEUR tokens worth $108 million and 114 million wrapped-ALBT tokens worth $11 million. The biggest exploit occurred at 18:30 UTC on February 1. The highest number of transactions were on Polygon.

Mechanism of the attack

PeckShield clarified that the attacker changed the oracle’s price function in one of the DAO’s smart contracts. After that, they manipulated the wrapped-ALBT token price, provoking the exploit of the tokens.

The exploiter then swapped BEUR worth around half a million dollars for USDC on Uniswap. He unlocked ALBT by burning all the wrapped-ALBT tokens.

Analysts noted that the prices of the ALBT and BEUR tokens swiftly plummeted.

Is recovery possible?

BonqDAO tweeted that they had suspended protocol operations and were working on ways to recover the lost funds.

AllianceBlock tweeted the loss to its followers on February 1, adding they would mint new ALBT tokens for users who lost their assets.

Bonq’s team is working on removing liquidity from the protocol. They have also suspended exchange trading, adding that AllianceBlock did not suffer a smart contract exploit.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.