BonqDAO Protocol Oracle Hack
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Bonq DAO is a non-custodial, decentralized, and over-collateralized lending platform that allows users to borrow against their own tokens at zero interest rate. It also creates a deep liquidity solution without incentivizing or paying the other side of the liquidity pool. BonqDAO uses the BEUR, a collateralized, low volatility payment coin to allow users to borrow against their whitelisted crypto assets at a zero interest rate. Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”. An anonymous attacker was able to manipulate the Tellor price feed to their advantage and siphon off funds amounting to approximately $120M, although they managed to steal less than $2M. The attacker deposited 10 TRB to call the depositStake function of the TellorFlex contract and stake 0.1 $WALBT to the trove contract to borrow 100M $BEUR by artificially inflating the price of WALBT. The damage to BonqDAO was brutal, with TVL drained from ~$13M to just over $100k at the time of writing. Stolen BEUR was dumped on Polygon for just over $500K. The attacker’s ETH address currently holds 711 ETH ($1.2M) and 535k DAI, as well as 89M ALBT.
Bonq DAO "We make self-sovereign finance a reality. With Bonq, businesses and individuals can access liquidity of their crypto assets without giving up ownership and completely interest-free!"
"List your token on Bonq once and never worry about liquidity again. Token holders can borrow against their whitelisted crypto assets at ZERO interest rate and own their liquidity."
"On-chain, non-custodial and decentralized liquidity protocol that uses a collateralized, low volatility payment coin (BEUR). Users can borrow BEUR against their whitelisted crypto assets at ZERO interest rate and own their liquidity."
"Bonq is a non-custodial, decentralized and over-collateralized lending platform that solves four critical problems for projects and protocols that have a token: Allows them to borrow against their own tokens at zero interest rate. Creates deep liquidity solution without the need to incentivize or pay the other side of the liquidity pool. Offers sustainable yields to their community members holding tokens in a safe and secure environment. Allows Treasuries to de-risk and create a smart capital allocation."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
"Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”.
According to Omniscia's post-mortem, BonqDAO decided to:
not move forward with the implementations audited at the time, opting to integrate Chainlink oracles in the future.
The Bonq Protocol has introduced numerous updates since the time the audit was finalized, including all contracts involved in the vulnerability (ConvertedPriceFeed, ChainlinkPriceFeed, and TellorPriceFeed). These contracts were never in scope of any audit conducted by the Omniscia team and thus are considered to be unaudited code."
Bonq DAO was hit by a two-stage attack in an oracle manipulation. While the losses to the protocol were reportedly $120M USD, the anonymous attacker got away with less than $2M USD due to low liquidity.
|February 1st, 2023 11:29:18 AM MST||Malicious Polygon Transaction||The malicious transaction occurs on the blockchain.|
|February 1st, 2023 11:31:06 AM MST||Follow Up Transaction||"In a follow-up tx, the actor further manipulates the #WALBT price and liquidates a bunch of (33) troves".|
|February 1st, 2023 12:17:00 PM MST||Report By Spreekaway||Twitter user Spreekaway was the first to report on the exploit on Twitter.|
|February 1st, 2023 3:49:00 PM MST||PeckShield Technical Analysis||PeckShield starts publishing a technical analysis of the BonqDAO exploit in a live fashion.|
|February 1st, 2023 3:54:00 PM MST||Samczsun Twitter Analysis||Samczsun analyzes the attack on Twitter and summarizes as "an extremely sophisticated attack in which the attacker said "btw 1 ALBT = 5 billion MATIC now" and Bonq said "ok"".|
|February 1st, 2023 8:37:00 PM MST||PeckShield Report of Holdings||PeckShield provides an update reporting the holdings of the attacker and their strategy.|
|February 1st, 2023 9:42:00 PM MST||MetaSleuth Blockchain Analysis||Twitter user MetaSleuth (part of the BlockSecTeam) reports an analysis of the path of the exploited funds.|
|February 2nd, 2023 3:38:00 AM MST||Beosin Alert Analysis Posted||Beosin provided a technical analysis and step by step walkthrough of the exploit.|
|February 3rd, 2023 2:59:00 AM MST||MetaSleuth Analysis Update||The MetaSleuth analysis is updated to report that the exploiter has swapped their DAI for Ether and is sending those funds through TornadoCash. Beosin detects the same thing roughly 30 minutes later.|
|February 7th, 2023 2:18:00 AM MST||Rekt Article Published||Rekt publishes an article on the Bonq exploit. |
The attack against the BonqDAO was a price manipulation attack.
PeckShield Technical Analysis
The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price.
Using an example, with the manipulated #WALBT price, the malicious actor is able to mint >100M #BEUR.
In a follow-up tx, the actor further manipulates the #WALBT price and liquidates a bunch of (33) troves.
The actor then walks away by withdrawing the illicit gains with 113.8M #WALBT and 98M #BEUR (valued >$10M). Some of these tokens are then dumped, resulting in major drop! #WALBT dropped by >50% and #BEUR dropped by 34%
The estimated loss of @BonqDAO hack is ~$120M: 98M $BEUR (was priced $1.1 -> $108M) and 113.8M $WALBT (was priced -> $0.1 at $11M). Now the $BEUR price is dropped by >30% and $WALBT dropped by >50%!
PeckShield later posted an update with the current status a few hours later.
The BonqDAO exploiter currently holds 89.2M $ALBT, 711 $ETH ($1.2M), & 534k $DAI
They cross-chained 113.8M $ALBT & 534,481 $USDC from Polygon to Ethereum through Multichain.
They already dumped 24.6M $ALBT in batches of ~1M $ALBT each, swapped 534.5k $USDC for 534.5k $DAI
Samczsun Technical Analysis
Samczsun summarized the attack very succinctly.
It appears that BonqDAO was hit by an extremely sophisticated attack in which the attacker said "btw 1 ALBT = 5 billion MATIC now" and Bonq said "ok"
MetaSleuth (BlockSecTeam) Analysis
BlockSec provided a detailed flowchart of funds. The attacker’s ETH address was funded via Tornado Cash shortly before the attack, and the stolen funds have since been deposited back into the mixer.
1/ The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT. ~0.5M BEUR was swapped to 534,535 USDC and t to Ethereum (0xcacf…6642). 98.1M BEUR was still on the attacker’s account on Polygon.
2/ For 0xcacf..6642 on Ethereum, it s[w]apped the received USDC to DAI using 0xExchange(@0xproject). Also, WALBT is swapping into ETH/USDT using 0xExchange and Uniswap. The account currently holds 711 ETH, 534,481 DAI, and 89M ALBT.
3/ Update： The @BonqDAO attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash.
Rekt Technical Analysis
The hacker was able to manually update the Tellor price feed of (wrapped) WALBT collateral by staking 10 TRB tokens (worth just ~$175).
The attacker then used the submitValue function to report WALBT price to the oracle and, because BonqDAO uses the instant value, the attaker was able to borrow against their inflated collateral within the same tx.
Firstly, the ALBT price was raised, allowing the attacker to mint 100M BEUR, Bonq’s Euro-pegged stablecoin against 0.1 WALBT collateral.
Then, in a subsequent transaction, the WALBT price was reset to extremely low, allowing the attacker to liquidate user’s WALBT collateral, and netting approximately 113M WALBT."
Beosin Technical Step By Step
A technical step by step was provided by Beosin.
The attacker carried out the attack in two ways, one by controlling the price to borrow a large amount of tokens, the other by liquidating others’ property to make a profit.
"The attacker calls the depositStake function of the TellorFlex contract, depositing 10 $TRB. Why 10 TRBs? We can see that the takeAmount is exactly 10*10^18
Next, the hacker calls the submitValue function to submit a request to change the $WALBT price. The function determines if the caller's stake amount has reached the pre-set takeAmount, which is why the attacker needs to first stake 10 TRB tokens (10^18 is decimal point).
This function will record the price submitted by the caller, in this case 50000000000000000000000000000000.
After the price is set, the hacker calls the createTrove function of the Bonq contract to create the trove(0x4248FD) contract, which is a contract of data recording, borrowing and liquidating. Next, the attacker stakes 0.1 $WALBT to the contract to perform a borrowing operation.
Normally, the borrowing amount should be < 0.1 WALBT to ensure collateral rate in a safe range. But in this contract, the calculation of the collateral value is via TellorFlex contract. The attacker has already raised $WALBT price, thus being able to borrow 100M $BEUR.
The hacker sets $WALBT to a low price in 2nd TX. When the $WALBT price is extremely low, the stake rate of WALBTs staked by other users will be at liquidation, enabling hacker to liquidate $WALBT staked by other users at low cost, eventually obtaining ~114M WALBT."
Total Amount Lost
The total amount lost has been estimated at $120,000,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
"Despite all the action being visible on-chain, BonqDAO telegram admins attempted to downplay the incident whilst the team presumably worked out what had happened."
"Losses have been widely reported to be up to $120M, using the tokens’ prices at the time of the hack. But low liquidity meant the attacker has only managed to swap the loot to around $1.7M worth of ETH and DAI, so far.
Nevertheless, the damage to BonqDAO was brutal, with TVL drained from ~$13M yesterday to just over $100k at the time of writing."
"Stolen BEUR was dumped on Polygon for just over $500K. Funds were then sent to the attacker’s Ethereum address, where the ALBT was repeatedly dumped for ETH. The attacker’s ETH address currently holds 711 ETH (~$1.2M) and 535k DAI, as well as 89M ALBT (supposedly worth ~$3M, if the attacker can find somewhere to sell it…)."
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
"While it may have been BonqDAO had the vulnerability, AllianceBlock has suffered significant collateral damage from this incident.
The sell-off of Bonq users' liquidated ALBT caused its price to dump up to ~75% following the attack. AllianceBlock have stated they will reissue the token and airdrop to users based on a Snapshot from before the hack.
Bonq’s Euro stablecoin, BEUR, has dropped to approximately 25% below its peg and the price of the DAO’s token, BNQ, has also taken a hit of over 30%.
AllianceBlock may not be at fault for the vulnerability, but perhaps they need to work on their due diligence."
Bonq Protocol Documentation Update
On Feb 1st, 2023 Bonq protocol was exposed to oracle hack
Protocol is at the moment paused. Recommended course of actions is, to visit Bonq app and withdraw any available Trove collaterals. Bonq repaid all debts on the remaining troves, so collaterals can be withdrawn! Any other actions, that are not officially communicated, please withhold on them.
Hack report Bonq 2.0 recovery/reboot proposal
Please bear with us and thank you for your understanding.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
- BonqDAO - Self-sovereign finance (May 3, 2023)
- Welcome to Bonq - Protocol Overview (May 3, 2023)
- BonqDAO Exploiter Wallet - PolygonScan (May 3, 2023)
- Malicious Exploit of BonqDao - PolygonScan (May 3, 2023)
- Follow Up Liquidation Transaction - PolygonScan (May 31, 2023)
- spreekaway - "seems that @BonqDAO and @allianceblock has been exploited and large amounts of BEUR and ALBT tokens tokens have been stolen." Twitter (May 3, 2023)
- PeckShield - "The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price." - Twitter (May 31, 2023)
- PeckShield - "The estimated loss of @BonqDAO hack is ~$120M: 98M $BEUR (was priced $1.1 -> $108M) and 113.8M $WALBT (was priced -> $0.1 at $11M). Now the $BEUR price is dropped by >30% and $WALBT dropped by >50%!" - Twitter (May 31, 2023)
- Samczsun - "It appears that BonqDAO was hit by an extremely sophisticated attack in which the attacker said "btw 1 ALBT = 5 billion MATIC now" and Bonq said "ok"" - Twitter (May 31, 2023)
- MetaSleuth - "The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT." - Twitter (May 3, 2023)
- MetaSleuth Fund Path Analysis (May 4, 2023)
- BeosinAlert - "@BonqDAO and @allianceblock were under price manipulation attack earlier today, resulting in a $88M loss." - Twitter (May 3, 2023)
- MetaSleuth - "The @BonqDAO attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash." - Twitter (May 4, 2023)
- MetaSleuth Analysis On TornadoCash Exiting (May 4, 2023)
- BeosinAlert - "Update: @BonqDAO exploiter has laundered 1,105 $ETH via Tornado Cash." - Twitter (May 31, 2023)
- RektHQ - "BonqDAO got bonked for $120M last week. But the anonymous attacker got away with less than $2M." - Twitter (May 31, 2023)
- Rekt - BonqDAO - REKT (May 3, 2023)
- PeckShield - "The BonqDAO exploiter currently holds 89.2M $ALBT, 711 $ETH ($1.2M), & 534k $DAI. They cross-chained 113.8M $ALBT & 534,481 $USDC from Polygon to Ethereum through Multichain. They already dumped 24.6M $ALBT in batches of ~1M $ALBT each, swapped 534.5k $USDC for 534.5k $DAI" - Twitter (May 31, 2023)
- Hack Report - BonqDAO (May 4, 2023)
- Bonq 2.0 Reboot/Recovery Proposal (May 4, 2023)