$108M worth of BEUR tokens (98.65 million) and $11M worth of wrapped-ALBT stolen.
BonqDAO said that it had temporarily halted the protocol.
An estimated $120 million was taken from the protocol of a tiny decentralized autonomous organization (DAO). Due to a pretty large smart contract vulnerability. On February 1st, BonqDAO informed its Twitter followers of an oracle attack that compromised the Bonq protocol. And enabled the exploiter to influence the price of the AllianceBlock (ALBT) token.
According to research conducted by blockchain security company PeckShield, the total value of tokens stolen in the Bonq attack was around $120 million. This included $108 million worth of BEUR tokens (98.65 million) and $11 million worth of wrapped-ALBT (wALBT) tokens (113.80 million).
Manipulation of Price
Moreover, according to multichain portfolio tracker DeBank, the biggest transaction impacted by the vulnerability occurred on February 1 at 6:32 pm UTC and involved $82.19 million. Most large-scale trades occurred on the Polygon network.
According to PeckShield, the attacker tampered with the price of the wALBT token by altering the updatePrice function of the oracle in one of BonqDAO’s smart contracts.
Because of this, the wALBT and BEUR were targeted for exploitation. The hacker then burned all 113.8 million wALBT to unlock ALBT after exchanging around $500,000 worth of BEUR for USDC on Uniswap.
An early witness of the hack, “Spreek,” reported to his 18,800 Twitter followers that the exploiter had sold more BEUR and ALBT tokens for $500,000 in USDC and 144 ETH ($236,000) thereafter. PeckShield and others saw a precipitous decline in the value of BEUR and ALBT tokens. In a subsequent tweet, BonqDAO said that it had temporarily halted the protocol while it worked on a recovery plan.