SlowMist Releases a Brief Analysis of the Attack on BonqDAO Protocol

Key Points:

  • As reported by SlowMist, 946,000 ALBT have been converted into 695 ETH, while 558,000 BEUR have been converted into 534,000 DAI.
  • 113 million WALBT have been burned on the Polygon chain and ALBT have been withdrawn from the ETH chain, with some of the ALBT being converted to ETH via 0x.

SlowMist’s security team published a summary of the attack on the BonqDAO project. The fundamental cause of the attack lay in the oracle's quoting mechanism: the attacker exploited the collateral required to submit a price quote.

The attackers amassed a substantial amount of WALBT and BEUR tokens (113 million WALBT, 98.65 million BEUR). So far, 946,000 ALBT have been converted into 695 ETH, while 558,000 BEUR have been converted into 534,000 DAI. The hackers continue to convert ALBT to ETH, but no funds have yet been found to be transferred to exchanges or other platforms.

First, the BonqDAO platform’s oracle source is the ratio of the TellorFlex self-fed price to the Chainlink price. One of TellorFlex’s key restrictions is that price reporters must stake 10 TRB before reporting price updates. The updateStakeAmount function in TellorFlex can be used to periodically update the amount of TRB that a price reporter needs to stake, based on the price of the collateral.


Second, because the TRB stake amount of the TellorFlex oracle contract was initially set to 10 and was never modified via the updateStakeAmount function, the attacker only had to stake 10 TRB to become a price reporter and change the price of WALBT tokens in the oracle by calling the submitValue function.


Then, the attacker changed the price and used the Bonq contract’s createTrove method to create a trove for the attack contract. The trove contract’s primary job is to record the user’s collateral status, debt status, market borrowing, liquidation, and so on.

Immediately after the attacker completed a collateral deposit in the protocol, the price of WALBT tokens was adjusted upward. The attacker then called the borrow function, causing the protocol to mint a large quantity of BEUR tokens for the attacker.
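The gap described above, a fixed reporter stake that is small compared with the debt a reported price can unlock, can be checked for by a defender replaying oracle submissions. The following is an added example, not code from SlowMist, BonqDAO or TellorFlex; every name and number in it (prices, the 1.5 collateral ratio, the 25% jump limit, the sample submissions) is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Submission:
    reporter: str
    price: float      # reported collateral price, in debt-token units (constructed)
    stake_trb: float  # TRB the reporter has locked in order to report

def borrowable(collateral_units, price, min_ratio):
    """Debt a lending market would mint against this collateral at this price."""
    return collateral_units * price / min_ratio

def review(sub, last_price, trb_price, market_collateral,
           min_ratio=1.5, max_jump=0.25):
    """Return findings for one price submission (thresholds are assumptions)."""
    findings = []
    stake_value = sub.stake_trb * trb_price
    # Extra debt that becomes mintable if the market trusts the new price.
    unlocked = (borrowable(market_collateral, sub.price, min_ratio)
                - borrowable(market_collateral, last_price, min_ratio))
    if unlocked > stake_value:
        # The reporter risks less than the report can unlock.
        findings.append("stake_below_value_at_risk")
    if abs(sub.price - last_price) / last_price > max_jump:
        findings.append("price_jump")
    return findings

def replay(subs, start_price, trb_price, market_collateral):
    """Replay submissions in order; only clean ones move the accepted price."""
    last, report = start_price, []
    for s in subs:
        found = review(s, last, trb_price, market_collateral)
        report.append((s.reporter, found))
        if not found:
            last = s.price
    return report

# Constructed sample: one ordinary update, one extreme update, both at 10 TRB stake.
SAMPLE = [
    Submission("reporter-a", 0.051, 10),
    Submission("reporter-b", 5_000_000.0, 10),
]

if __name__ == "__main__":
    for reporter, found in replay(SAMPLE, 0.05, 15.0, 100.0):
        print(reporter, found or "ok")
```
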


In another attack transaction, the attacker employed the same strategy to change the price of WALBT and subsequently liquidated other market users with liabilities to gain a significant number of WALBT tokens.


According to SlowMist MistTrack analysis, 113 million WALBT have been burned on the Polygon chain and ALBT have been withdrawn from the ETH chain, with some of the ALBT being converted to ETH via 0x.


Some BEUR have been converted to USDC by the attacker via Uniswap and then cross-chained to the ETH chain and converted to DAI.


Coincu previously reported that the BonqDAO crypto protocol and AllianceBlock suffered a loss of $88 million in an attack due to a vulnerability in the BonqDAO smart contract.


Thana

Coincu News
