The cryptocurrency world was shaken by the hacking of BonqDAO, a DeFi platform built on Polygon. After this development, while people eagerly awaited an explanation of the details of the hack from the authorities, that statement finally came. According to the statement, the hacker made a considerable amount of money from the hack, which he did with a tiny amount.
120 Million BEUR Were Stolen from BonqDAO
On February 1, BonqDAO – a DeFi protocol that operates on the Polygon blockchain – announced an attack had targeted it. Specifically, they reported being exposed to an oracle hack wherein exploiters artificially increased the ALBT price and used this increase to massive mint amounts of BEUR, which were then swapped for other tokens on Uniswap. Then, when they decreased the ALBT price to almost zero, large numbers of troves held in ALBT were liquidated.
Indeed, the protocol was responsible for creating the stablecoin BEUR, which is pegged to the euro. This can be achieved by depositing more cryptocurrency than what will be created in coins. Unfortunately, a hacker manipulated ALBT token prices before using these tokens to mint an astounding 120 million BEUR tokens!
Fortunately for the protocol, it had little liquidity on Polygon’s decentralized exchanges, so that the hacker could only sell some of their 120 million BEUR. Ultimately they were able to exchange approximately $2 million and move them straight to Ethereum via Tornado Cash to hide their identity.
Hacker Used an Oracle Manipulation Attack
Following the event, Peckshield and Beosin released more comprehensive analyses of the incident. Thus, we see that ultimately it was successful for the attacker, who earned a whopping 1,142,857% return!
To enact his malicious attack, the hacker modified the price of WALBT by staking 10 TRB (around $175). Then, he used the submit.Value function to relay the false value to BonqDAO‘s oracle. Once it was successfully manipulated, he called createTrove, which allows the creation of BEUR tokens in return for deposits as collateral. Lastly, 0.1WALBT was deposited to borrow an incredible 100 million BEUR tokens!
To take advantage of the opportunity presented by his malicious manipulation, the hacker drove down WALBT’s price to an incredibly low level. This created a lucrative liquidation prospect which he seized, earning him 114 million WALBT tokens. With merely an initial deposit of $175, this brazen individual could exploit the protocol and make around $2 million in profit!
You might check:Unlocking the Secrets of Lido DAO: What You Need to KnowDAO