$120 Million Exploit: AllianceBlock Token Price Manipulated in Oracle Hack – Here's What Happened
Self-sovereign financial services provider BonqDAO suffered $120 million in losses after a hacker exploited its oracle to manipulate the price of AllianceBlock tokens.
In a Thursday tweet, blockchain security firm PeckShield revealed that BonqDAO’s oracle was manipulated and used to increase the price of AllianceBlock tokens. The exploiter managed to do so by changing the updatePrice function of the oracle in one of BonqDAO’s smart contracts.
As per the PeckShield analysis, the project lost around $120 million due to the hack, which included 98.65 million BEUR tokens, worth around $108 million, and 113.8 million wrapped-ALBT (wALBT) tokens, worth around $11 million.
In another tweet, the official Twitter account of BonqDAO confirmed the hack, saying that an exploiter "increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves." They added:
"Other troves remain unaffected. Bonq protocol has been paused. We’re working on a solution that will allow users to withdraw all remaining collateral without repaying BEUR in the troves. It will be released tomorrow morning CET."
In an announcement, the team behind AllianceBlock said they are in the process of removing the liquidity and are halting all exchange trading. They also revealed their plans for compensating impacted users, which would potentially include minting new ALBT tokens.
BonqDAO is a decentralized autonomous organization, an entity with no central leadership, that aims to provide self-sovereign financial services to individuals and businesses interest-free without giving up ownership of their assets.
AllianceBlock is a decentralized crypto infrastructure platform that connects fintech providers and traditional finance institutions to decentralized finance applications.
The BonqDAO hack comes as crypto remains rife with exploits and manipulations. As reported, the industry lost approximately $4 billion worth of digital assets to hacks, fraud, scams, and rug pulls last year.
Among the various forms of illegal activities, hacks accounted for the bulk majority of crypto losses in 2022. More specifically, hackers stole over $3.7 billion, or more than 95% of all crypto lost in the year. Frauds, scams, and rug pulls comprised only 4.4% of the total losses.
"In 2022, DeFi continued to be the main target of successful exploits at 80.5% as compared to CeFi at 19.5% of the total losses," Immunefi said in a report, adding that DeFi suffered $3,180,023,103 in total losses last year, across 155 incidents.