How was BonqDAO Protocol Exploited

4 min read
Bonq DAO protocol exploited

How was BonqDAO protocol hacked by an exploiter due to price manipulation, and oracle hack?

TL;DR#

On February 1, 2023, the BonqDAO protocol was exploited due to price manipulation of AllianceBlock tokens, caused as a result of an Oracle hack, with the estimated losses totaling roughly $120 million.

Introduction to BonqDAO Protocol#

BonqDAO aims to provide interest-free self-sovereign financial services to individuals and businesses while maintaining ownership of their assets.

AllianceBlock is a platform for decentralized infrastructure that connects traditional financial institutions to Web3 applications.

Vulnerability Assessment#

The root cause of the vulnerability is due to an oracle hack which allowed the exploiter to manipulate the price of AllianceBlock's $ALBT token.

Steps#

Step 1:

BonqDAO announced on Twitter that the protocol had been exploited by an Oracle hack, in which an exploiter raised the price of $ALBT tokens and minted a large number of $BEUR tokens.

Step 2:

The $BEUR tokens were then swapped for other tokens on Uniswap, and the price was reduced to almost zero, resulting in the liquidation of $ALBT troves.

Step 3:

We took a closer look at one of the attack transactions executed by the exploiter.

Step 4:

The exploiter was able to modify the updatePrice function of the oracle in one of BonqDAO's smart contracts, allowing them to manipulate the $WALBT token's price.

Step 5:

By manipulating the price of $WALBT tokens, the exploiter is able to mint approximately 100 million $BEUR tokens.

Bonq exploiter mint beur tokens

Step 6:

This led to the exploitation of the $WALBT and $BEUR tokens. The hacker then swapped around $500,000 worth of $BEUR tokens for $USDC on Uniswap before burning all 113.8 million $WALBT tokens in order to unlock $ALBT tokens.

Step 7:

At the time of this writing, the exploiter's address is holding assets valued $87,765,439, which includes approximately 711 $ETH, 534,481 $DAI, 89.2 million $ABLT, and more than 98 million $BEUR tokens.

Bonq exploiter assets value

Aftermath#

Following the incident, the price of $WALBT tokens dropped by more than 50%, while the price of $BEUR tokens plummeted by 34%.

BonqDAO stated that the protocol had been paused and that a fix was being incorporated that would let users withdraw the remaining collateral without having to pay back $BEUR to the troves.

AllianceBlock also reported that the incident is limited to the BonqDAO troves and that none of their smart contracts were compromised. The team is now removing all liquidity from Bonq and has ceased exchange trading. Additionally, they disclosed that they would mint new $ALBT tokens for those affected by the exploit.

Solution#

The exploit that struck BonqDAO is a stark reminder of the intricate vulnerabilities inherent within decentralized protocols. BonqDAO, designed to offer interest-free financial services, found itself at the mercy of a hacker due to an Oracle hack, a potent vector allowing for manipulation of the price of AllianceBlock's $ALBT token. This led to a cascading impact, with an astronomical loss of $120 million.

The sophisticated nature of Oracle hacks stems from their ability to affect the price feed itself, a foundational element in the DeFi world. By compromising this price feed, the attacker can induce a false sense of market dynamics, leading protocols to operate based on incorrect information. In the BonqDAO incident, the manipulation of the ALBT token price was craftily exploited to mint an inordinate amount of BEUR tokens, resulting in widespread liquidation and a precipitous drop in asset prices.

Such breaches, although technical in nature, can be mitigated to a significant extent by leveraging decentralized Oracle systems like ChainLink. ChainLink, with its decentralized approach to price feeds, can provide a more resilient and tamper-resistant mechanism, ensuring that single points of failure are eliminated and data integrity is maintained.

However, even with the most sophisticated technological solutions in place, there remains an element of risk. This is where Neptune Mutual steps in as a vital safety net. Had the BonqDAO protocol team preemptively established a cover pool within Neptune Mutual's marketplace, the ensuing chaos post-hack could have been substantially attenuated. Neptune Mutual stands at the forefront of offering coverage for smart contract vulnerabilities, providing a cushion to users through its parametric policies.

Our unique offering ensures that affected users are insulated from the tediousness of substantiating their claims. Once an incident concludes its resolution process, it is immediately eligible for compensation. Our platform's versatility, present on Ethereum and Arbitrum, ensures wide accessibility for users.

Furthermore, the importance of a comprehensive security framework can't be overstated. Beyond mere insurance, Neptune Mutual’s dedicated security team brings to the table a holistic approach to platform safety. With assessments ranging from DNS and web-based security to backend fortifications, we strive for a multi-layered defense strategy. Our expertise in intrusion detection and prevention acts as an additional bulwark, aiming to prevent such vulnerabilities from being exploited in the first place.

Reference Sources PeckShield

By

Tags