Malicious actors strike again, this time targeting decentralized autonomous organization (DAO).
BonqDAO, an on-chain, non-custodial, and decentralized liquidity protocol that uses a collateralized, low-volatility payment coin (BEUR), has been exploited and reportedly lost around $120 million.
According to the tweet shared by BonqDAO on February 1st, the decentralized autonomous organization’s protocol was “exposed to an oracle hack,” which allowed malicious actors to manipulate the price of AllianceBlock’s native token, AKBT.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Liquidity Pool in Crypto? (Animated)
Blockchain security firm PeckShield, as always, was one of the first to investigate and comment on crypto-related hacks. This exploit was no exception.
In its Twitter thread, PeckShield revealed that malicious actors were able to access one of BonqDAO’s smart contracts and change its price oracle to manipulate the price of the wALBT token.
The manipulation of price allowed hackers to exploit both wALBT and BEUR tokens. Based on PeckShield, after obtaining funds from BonqDAO, hackers swapped around $500,000 worth of BEUR to USD Coin (USDC) via Uniswap. The hackers didn’t stop there. After the swap on Uniswap, malicious actors burned 113.8 million wALBT to unlock ALBT.
Another on-chain security entity, Spreek, claimed that hackers swapped more BEUR and ALBT tokens to receive $500,000 USDC and 144 Ethereum (ETH).
Therefore, PeckShield estimated that malicious actors managed to drain the protocol of around $120 million, including $108 million from 98.7 million BEUR tokens and $11 million from 114 million wrapped-ALBT (wALBT).
It is believed that the hacker drained the protocol through several transactions. However, multichain tracker DeBank revealed that the largest transaction was valued at approximately $84 million.
BonqDAO finished its Twitter thread by reassuring customers that “other troves remain unaffected.”
Other troves remain unaffected. Bonq protocol has been paused. We’re working on a solution that will allow users to withdraw all remaining collateral without repaying BEUR in the troves.
The exploit drastically impacted the prices of ALBT and BEUR tokens. At the time of writing, AllianceBlock’s native token, ALBT, retails for $0,0486, recording a 55.93% price decrease. Moreover, Bonq Euro (BEUR) retails for $0.8577, marking a 22.25% drop in price.