• BonqDAO, a self-sovereign financial services provider, suffered a $120 million loss when a hacker exploited its oracle to manipulate the price of AllianceBlock tokens.
• The hacker managed to change the updatePrice function of the oracle in one of BonqDAO’s smart contracts and withdraw the illicit gains.
• Following the hack, the team behind AllianceBlock paused all exchange trading and are working on a solution to allow users to withdraw all remaining collateral without repaying BEUR in the troves.
Self-sovereign financial services provider BonqDAO suffered a devastating loss of $120 million when a hacker exploited its oracle to manipulate the price of AllianceBlock tokens. The incident was revealed by blockchain security firm PeckShield in a tweet on Thursday.
According to the PeckShield analysis, the hacker managed to change the updatePrice function of the oracle in one of BonqDAO’s smart contracts. This allowed them to increase the price of AllianceBlock tokens, after which the hacker withdrew the illicit gains with 113.8 million WALBT and 98 million BEUR tokens, worth a combined $10 million. The hacker then dumped these tokens, resulting in a major drop in their prices, with WALBT dropping by more than 50% and BEUR dropping by 34%.
The official Twitter account of BonqDAO confirmed the hack in a tweet, saying that the exploiter had “increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.”
In response to the incident, the team behind AllianceBlock released an announcement in which they stated that they were in the process of removing the liquidity and halting all exchange trading. They also added that they were working on a solution to allow users to withdraw all remaining collateral without repaying BEUR in the troves, which was expected to be released the following morning.
The incident serves as a reminder of the importance of security in the blockchain space, as it is too easy for malicious actors to take advantage of vulnerabilities and exploit them for their own gain. It is therefore essential for developers to remain vigilant and to ensure that their systems are secure to prevent similar incidents from occurring in the future.