Wrapped Tokens

BonqDAO protocol suffers $120M loss after oracle hack

An oracle hack allowed the exploiter to manipulate the price of the AllianceBlock token, leading to an estimated $120 million loss, according to Peckshield.

A small decentralized autonomous organization (DAO) has suffered a rather sizeable smart contract exploit, leading to an estimated $120 million being stolen from its protocol.

BonqDAO told its Twitter followers on Feb. 1 that its Bonq protocol was exposed to an oracle hack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.

An independent analysis from blockchain security firm PeckShield has estimated the loss from the Bonq hack to be around $120 million, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.

While the exploit took effect over several transactions, the largest was $82.19 million at 6:32 pm UTC on Feb. 1, according to multichain portfolio tracker DeBank.

Most of the high-scale transactions took place on the Polygon network.

How it happened

PeckShield explained that the exploiter was able to change the updatePrice function of the oracle in one of BonqDAO’s smart contracts, which meant that they were able to manipulate the price of the wALBT token.

This triggered the exploitation of the wALBT and BEUR. The hacker then swapped about $500,000 worth of BEUR for USDC on Uniswap before burning all 113.8 million wALBT to unlock ALBT.

On-chain security observer “Spreek” — who was one of the first to spot the exploit — told his 18,800 Twitter followers that the exploiter later dumped more BEUR and ALBT tokens for $500,000 in USDC and 144 ETH ($236,000).

PeckShield and others noted that the price of the BEUR and ALBT tokens went down considerably in a short period of time.

In a follow-up tweet, BonqDAO said it has paused the protocol and is working on a recovery solution.

“Other troves remain unaffected. Bonq protocol has been paused. We’re working on a solution that will allow users to withdraw all remaining collateral without repaying BEUR in the troves. It will be released tomorrow morning CET,” it said.

AllianceBlock — the token issuers of ALBT — also shared the news on Feb. 1, explaining to its 51,300 Twitter followers that an exploiter managed to gain access to 113.8 million ALBT tokens.

The team is in the process of removing all liquidity on Bonq and has halted exchange trading, it said, adding that no smart contracts were exploited on AllianceBlock.

The announcement from AllianceBlock also added that they would mint new ALBT tokens for those impacted by the exploit up until the time of the announcement.

BonqDAO is a decentralized autonomous organization that aims to provide self-sovereign financial services to individuals and businesses interest-free without giving up ownership of their assets.

AllianceBlock is a decentralized infrastructure platform that connects traditional financial institutions to Web3 applications.

Alameda tried to redeem 3,000 wBTC days before bankruptcy: BitGo CEO

The CEO of BitGo stated that the Alameda representative failed the security verification process required to convert Wrapped BTC into BTC.

Mike Belshe, the CEO of digital asset custodian BitGo, has confirmed that Alameda Research attempted to redeem 3,000 Wrapped Bitcoin (wBTC) in the days before FTX’s bankruptcy filing on Nov. 11.

During a Dec. 14 Twitter Spaces hosted by decentralized finance (DeFi) researcher Chris Blec, Belshe confirmed the firm knocked back the redemption request because the unknown Alameda representative involved didn’t pass BitGo’s security verification process and seemed unfamiliar with how the wrapped Bitcoin burning process worked.

“[The security details] didn’t match the process. So we held it up and we said no, no, no, no. This is not what the burn looks like. And we need to know who this person was.”

“So we held it and while we were holding it, waiting for a response on those issues [Alameda] went bankrupt and of course, once they went bankrupt, everything halted,” Belshe added.

The BitGo CEO also said that Alameda’s 3,000 BTC mint request remains “stuck” on the platform’s dashboard, adding that the firm would most likely leave the tokens where they are until they’re dealt with by the trustees taking on Alameda’s bankruptcy case.

Alameda’s failed mint transaction request of 3,000 wBTC in exchange for 3,000 BTC. Source: wBTC Network Dashboard.

Alameda’s attempt to unwrap the 3,000 wBTC was also confirmed on the Ethereum transaction aggregator Etherscan.

While this would have ordinarily triggered the redemption of BTC, BitGo has a security mechanism in place before the conversion takes place, which is what Alameda failed.

The motive for attempting to redeem the $50 million worth of wBTC is unclear, but it is understood that FTX executives were attempting to raise funds from a variety of sources to stave off bankruptcy up until the last minute.

Analysis from Arkham Intelligence on Nov. 25 found that Alameda pulled $204 million from eight different addresses from FTX.US five days before its parent firm eventually filed for Chapter 11.

wBTC is a tokenized version of BTC, which can be redeemed for BTC when it is sent to a burn address, triggering the release of BTC. The conversion is made at a 1:1 ratio.

The tokenization of wrapped Bitcoin enables Bitcoin holders to interact with Ethereum-based smart contracts and decentralized applications.

BitGo co-developed wBTC in 2019 alongside blockchain interoperability protocol Ren and multi-chain liquidity platform Kyber. wBTC is also managed by the decentralized autonomous organization wBTC DAO, which comprises over 30 members.

The wBTC dashboard currently shows that BitGo now holds 202,255 BTC in custody against 199,238 wBTC in circulation, amounting to an overcollateralization rate of 101.51%.