Reports said that a small decentralized autonomous organization (DAO) BonqDAO has suffered a rather sizeable smart contract exploit, leading to an estimated $120 million being stolen from its protocol.
It has been reported that its Bonq protocol was exposed to an oracle hack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.
However, an independent analysis from blockchain security firm PeckShield has estimated the loss from the Bonq hack to be around $120 million, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.
While the exploit took effect over several transactions, the largest was $82.19 million at 6:32 pm UTC time on February 1, according to multichain portfolio tracker DeBank. Most of the high-scale transactions took place on the Polygon network.
The report said that PeckShield explained that the exploiter was able to change the updatePrice function of the oracle in one of BonqDAO’s smart contracts, which meant that they were able to manipulate the price of the wALBT token.
Likewise, this triggered the exploitation of the wALBT and BEUR. The hacker then swapped about $500,000 worth of BEUR for USDC on Uniswap before burning all 113.8 million wALBT to unlock ALBT. On-chain security observer “Spreek” — who was one of the first to spot the exploit — told his 18,800 Twitter followers that the exploiter later dumped more BEUR and ALBT tokens for $500,000 in USDC and 144 ETH ($236,000).
AllianceBlock — the token issuers of ALBT — also shared the news on Feb. 1, explaining to its 51,300 Twitter followers that an exploiter managed to gain access to 113.8 million ALBT tokens.
Thus, the team is in the process of removing all liquidity on Bonq and has halted exchange trading, it said, adding that no smart contracts were exploited on AllianceBlock.