Million-dollar losses from the BonqDAO hack

Hackers managed to make off with $120 million by hacking into Oracle, allowing them to manipulate the AllianceBlock token price in their favor

Seguridad February 2
Kimberly Rodriguez Medina

The crypto world does not take days off and neither do hackers. Unlike a physical business, the internet never closes and, to top it off, cybercriminals are doing their "job" better every time. The cryptographic industry has seen confidence in the sector diminish and not only due to the collapse of FTX or other agents in the crypto world, but also due to hacks.

Attackers do not usually break a blockchain, because this would require a great computational cost and energy usage, with no guarantee of success. Instead, they focus on the parties attached to the blockchain infrastructure and the BonqDAO hack is one such example, which kicked off February with a loss of $120 million in a single day.

BonqDAO suffered millions in losses after the exploit and the first step was to alert the community. On the night of February 1, 2023, the Bonq decentralized finance protocol suffered a hack attack by a hacker known as Oracle. The attacker exploited a vulnerability in the system to mint large amounts of the BEUR coin and increase the price of ALBT, triggering the liquidation of ALBT's treasuries.

Rebuilding the ecosystem

Right after the hack ended, the ALBT price dropped to zero, causing a massive loss for users who had invested in ALBT treasures. Despite the fact that other treasures were not affected, the protocol claims to have paused its activity, while the teams work on a solution. The goal is for users to be able to withdraw all remaining collateral without having to repay BEUR in treasuries, according to the protocol.

Post-mortem analysis: PeckShield

PeckShield, the cybersecurity firm, was quick to issue a detailed analysis of the facts. According to his research, the attacker exploited a vulnerability in the Bonq protocol to increase the price of ALBT, the update price function and minted large amounts of BEUR. In fact, the largest transaction was $82.19 million at 6:32 p.m. m. UTC time and most transfers were made on the Polygon network.

The attacker further manipulated the ALBT price and liquidated a significant amount of BEUR for USDC on Uniswap, before withdrawing the illicit proceeds with tokens worth more than $10 million. As a result, the ALBT price fell by more than 50% and the BEUR price fell by 34%.

This attack demonstrates how important security is in decentralized financing protocols and, above all, makes clear the need to take adequate measures to protect user funds. The Bonq teams are working hard to resolve the situation and provide a solution to the affected users, but of course, their quick action has been a decisive factor.