A somewhat modest decentralized autonomous organization (DAO) has been the victim of a rather significant brilliant contract hack, which has resulted in the theft of around 120 million dollars from its protocol. According to Peckshield’s research, an oracle hack gave the exploiter the ability to control the price of the AllianceBlock token, which resulted in a loss of around 120 million dollars.
The exploiter was able to control the price of the AllianceBlock (ALBT) token after BonqDAO informed its Twitter followers on February 1 that an oracle breach had compromised its Bonq protocol. This enabled the exploiter to steal tokens.
How the hack was carried out
According to the findings of an independent investigation conducted by the blockchain security company PeckShield, the amount of money stolen in the Bonq hack was approximately $120 million. This figure was calculated by subtracting $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.
Multichain portfolio tracker DeBank, also states that the most significant transaction using the exploit took place on February 1 at 6:32 pm UTC and included the sum of $82.19 million. On the majority of occasions, high-scale transactions were carried out over the Polygon network.
PeckShield clarified that the hacker could alter the update price feature of the oracle in one of BonqDAO’s smart contracts, which implied that they could manipulate the wALBT token. This was possible since the hacker could access contract’sct’s source code.
Because of this, the exploitation of the wALBT and the BEUR was activated. After that, the hacker used Uniswap to convert around $500,000 worth of BEUR into USDC before destroying all 113.8 million wALBT to unlock ALBT.
On-chain security observes” spreek,” who was among the first to spot the attack vector, informed his 18,800 Twitter followers that the hacker later decided to dump more BEUR and ALBT tokens for $500,000 in USDC and 144 ETH, which is equivalent to $236,000 in total value” e. “Sp” eek” was one of the first to spot the exploit.
PeckShield and other people have noticed that the price of BEUR and ALBT tokens has dropped significantly in a concise period:
A follow-up tweet from BonqDAO said that the protocol had been halted and that the organization was working on a recovery solution. Other treasure troves have not been harmed in any way. The Bonq procedure is now on hold”
“We are working on a solution enabling consumers to withdraw any leftover collateral without first refunding any BEUR held in the troves. It is scheduled to be made available tomorrow at tweo’clocklock “ET,” it claimed.
AllianceBlock falls victim to BonqDao’s hack
Amid the recent hack, an exploiter was additionally able to obtain access to 113.8 million ALBT tokens, which was the news that AllianceBlock, the company that issued the ALBT tokens, conveyed with its 51,300 followers on Twitter on February 1. AllianceBlock is the company that created the ALBT currency.
According to the statement, trading on the exchange has been paused, and the team has begun withdrawing all liquidity from Bonq. It also said that no smart contracts were abused on AllianceBlock.
In addition, the notification made by AllianceBlock said that the company would create additional ALBT tokens and distribute them to those users who were affected by the exploit up to the time the news was made.
BonqDAO is a decentralized autonomous group with the mission of providing people and companies with the opportunity to engage in self-sovereign financial transactions that are free of interest and do not need the transfer of ownership of their assets. AllianceBlock is a decentralized infrastructure platform that links Web3 apps to conventional financial institutions.
