BEUR and ALBT token prices tumbled Tuesday – in the fallout from a major hack exploiting the BonqDAO DeFi protocol.
The exploit targeted one of the Decentralised Autonomous Organisation’s (DAO) smart contracts.
Attackers made off with an estimated $120m in loot.
Leading crypto security analysists at PeckShield broke down how the exploit happened.
BonqDAO Heist: The Raid
Crypto hackers identified a vulnerability in the coding of a BonqDAO smart contract.
The target was a price oracle contract – responsible for supplying a live-feed of data (market price, volume, etc.) to the blockchain.
Once into the smart contract, this allowed criminals to alter the UpdatePrice function. One altered this enables the manipulation of token pricing.
In this case they targeted wALBT (wrapped Alliance Block Token).
AllianceBlock is an ecosystem developed to bridge TradFi capital with DeFi products. ALBT is the native token used for exchange and governance.
Price manipulation increased the value of wALBT, and these new riches minted over 100m BEUR tokens.
BEUR is the native low-volatility utility token, used for settlement on BonqDAO.
Further manipulation of the wALBT price oracle saw thieves liquidate 33 token troves.
The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price. Here is the example hack tx: https://t.co/YPxXMr2nkf pic.twitter.com/XrzExHY6m1
— PeckShield Inc. (@peckshield) February 1, 2023
BonqDAO Heist: The Take
With their loot bags loaded, the hackers then made off with illict gains of 113.8M wALBT and 98m BEUR.
The take was quickly divided. BEUR swapped for USDC (using Uniswap) saw $500k realised.
All 113.8m wALBT burned to unlock ALBT.
Then more token dumping to net another $500k in USDC, and $236k in Ethereum (144 ETH).
By this point late-night markets were reeling. Prices tumbled dramatically – wALBT decimated with a -51% drop, and BEUR plummeting -34%.
BonqDAO Heist: The Discovery
BonqDAO moved to address the attack almost instantly.
Bonq protocol was exposed to an oracle hack, where exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.
— BonqDAO (@BonqDAO) February 1, 2023
In an online disclosure, the team highlighted all remaining assets were secure and unaffected. The majority of token troves aren’t vulnerable.
Meanwhile, pausing the BonqDAO protocol has temporarily suspended activities on the platform.
The team are working to enable user withdrawals without replacing the stolen BEUR troves. This should happen today.
AllianceBlock is working through a snapshot of user’s balances before the attack. Plans are underway for the minting of an airdrop of replacement ALBT tokens for victims.
Bitcoin Price Prediction as Fed Interest Rate Decision is Revealed – New Bull Market Starting?
UK Premier League Faces Criticisms For Signing NFT Deal With Sorare
10+ Best Altcoins to Invest in 2023 – Which New Altcoins to Buy?
Discuss This Article
Add a New Comment /Reply
Thanks for adding to the conversation!
Our comments are moderated. Your comment may not appear immediately.