By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts.
On February 1, 2023, the BonqDAO protocol was exploited due to price manipulation of AllianceBlock tokens, caused as a result of an Oracle hack, with the estimated losses totaling roughly $120 million.
BonqDAO announced on Twitter that the protocol had been exploited by an Oracle hack, in which an exploiter raised the price of $ALBT tokens and minted a large number of $BEUR tokens.
Step 2:
The $BEUR tokens were then swapped for other tokens on Uniswap, and the price was reduced to almost zero, resulting in the liquidation of $ALBT troves.
The exploiter was able to modify the updatePrice function of the oracle in one of BonqDAO's smart contracts, allowing them to manipulate the $WALBT token's price.
Step 5:
By manipulating the price of $WALBT tokens, the exploiter is able to mint approximately 100 million $BEUR tokens.
Step 6:
This led to the exploitation of the $WALBT and $BEUR tokens. The hacker then swapped around $500,000 worth of $BEUR tokens for $USDC on Uniswap before burning all 113.8 million $WALBT tokens in order to unlock $ALBT tokens.
Step 7:
At the time of this writing, the exploiter's address is holding assets valued $87,765,439, which includes approximately 711 $ETH, 534,481 $DAI, 89.2 million $ABLT, and more than 98 million $BEUR tokens.
Following the incident, the price of $WALBT tokens dropped by more than 50%, while the price of $BEUR tokens plummeted by 34%.
BonqDAO stated that the protocol had been paused and that a fix was being incorporated that would let users withdraw the remaining collateral without having to pay back $BEUR to the troves.
AllianceBlock also reported that the incident is limited to the BonqDAO troves and that none of their smart contracts were compromised. The team is now removing all liquidity from Bonq and has ceased exchange trading. Additionally, they disclosed that they would mint new $ALBT tokens for those affected by the exploit.
Attacks of such nature leading to oracle price manipulation could have been regulated to a greater extent using data providers like ChainLink.
We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if the team associated with BonqDAO protocol had set up a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.
Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
We have sent email confirmation. Please confirm to receive our
newsletter.
Unfortunately, something went wrong while trying to complete your
request. Please try again later. If the problem persists, do not
hesitate to let us know through the community channels.
