- Protocol suffered an oracle hack, enabling the attacker to manipulate the price of the ALBT token
- Hacker stole BEUR tokens worth $108 million and wrapped-ALBT tokens worth $11 million
BonqDAO, a small decentralized autonomous organization (DAO) providing autonomous financial services to companies and individuals without interest, suffered a serious smart contract exploit, resulting in a loss of around $120 million from its protocol, CoinTelegraph reported.
DAO was exposed to a massive oracle hack
On February 1, BonqDAO tweeted that its protocol had suffered an oracle hack, enabling the attacker to manipulate the price of the ALBT token, issued by AllianceBlock. AllianceBlock is a platform that connects Web3 apps with traditional financial institutions.
The goal of an oracle hack is to gain unauthorized access to sensitive information stored in the system, which could include confidential data such as financial information, personal data of clients, or intellectual property. This type of attack often exploits vulnerabilities in the software or configuration.
Losses were from BEUR and ALBT tokens
Blockchain security company PeckShield conducted an independent analysis, according to which Bonq lost an estimated $120 million. The hacker stole just under 99 million BEUR tokens worth $108 million and 114 million wrapped-ALBT tokens worth $11 million. The biggest exploit occurred at 18:30 UTC on February 1. The highest number of transactions were on Polygon.
Mechanism of the attack
PeckShield clarified that the attacker changed the oracle’s price function in one of the DAO’s smart contracts. After that, they manipulated the wrapped-ALBT token price, provoking the exploit of the tokens.
The exploiter then swapped BEUR worth around half a million dollars for USDC on Uniswap. He unlocked ALBT by burning all the wrapped-ALBT tokens.
Analysts noted that the prices of the ALBT and BEUR tokens swiftly plummeted.
Is recovery possible?
BonqDAO tweeted that they had suspended protocol operations and were working on ways to recover the lost funds.
AllianceBlock tweeted the loss to its followers on February 1, adding they would mint new ALBT tokens for users who lost their assets.
Bonq’s team is working on removing liquidity from the protocol. They have also suspended exchange trading, adding that AllianceBlock did not suffer a smart contract exploit.