A smart contract hack that affected a small decentralized autonomous organization (DAO) resulted in the theft of almost $120 million from its protocol. On February 1, BonqDAO informed its Twitter followers that an oracle attack had compromised the Bonq protocol, allowing the exploiter to control the AllianceBlock (ALBT) token’s price.
The loss from the Bonq attack was estimated to be around $120 million by blockchain security company PeckShield, consisting of $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens. According to multichain portfolio tracker DeBank, the exploit affected a number of transactions, the largest of which was $82.19 million at 6:32 PM UTC on February 1.
BonqDAO Suffered A Major Oracle Hack
According to PeckShield, the exploiter was able to alter the updatePrice function of the oracle in one of BonqDAO’s smart contracts, which allowed them to control the wALBT token’s price. The exploitation of the wALBT and BEUR was sparked by this. The hacker then burned all 113.8 million wALBT to unlock ALBT after exchanging around $500,000 worth of BEUR for USDC on Uniswap.
One of the early exploit spotters, “Spreek,” informed his 18,800 Twitter followers that the exploiter later sold additional BEUR and ALBT tokens for $500,000 in USDC and 144 ETH ($236,000). PeckShield and others observed that the BEUR and ALBT coins’ prices dropped significantly within a short period of time.
On February 1, ALBT’s token issuer, AllianceBlock, also announced the information, informing its 51,300 Twitter followers that an exploiter had been able to obtain 113.8 million ALBT tokens. The company added that no smart contracts were exploited on AllianceBlock and that it is working to remove all liquidity from BonqDAO. It has also stopped the exchange trade.