PANews reported on February 2 that according to The Block, at around 2 a.m. Beijing time on February 2, due to a vulnerability in the BonqDAO smart contract, the cryptographic protocols BonqDAO and AllianceBlock lost $88 million in the attack. Hackers removed approximately 114 million walbt (AllianceBlock's encapsulated native token) and 98 million beur tokens from BonqDAO's treasury (Troves). The treasury is controlled by users and is used to mint beur, a payment token pegged to the euro. The technical reasons for the exploit remain unknown. So far, hackers have sold approximately $1.2 million in tokens, but due to insufficient liquidity, the full amount cannot be converted into stablecoins or ETH.
AllianceBlock said on Twitter that the incident had nothing to do with the BonqDAO treasury and that there was no violation of the smart contract. Both teams are committed to removing liquidity to mitigate the risk of hackers converting stolen tokens into other assets, and have stopped all exchange trading. AllianceBlock has also suspended bridging on the AllianceBlock Bridge until the issue is resolved. The next step is to take a snapshot of users before the attack and then develop a solution for all affected users from the moment of the snapshot. This includes creating new ALBT tokens and airdropping them to the addresses in the snapshot.
Around 6 a.m. this morning, BonqDAO issued an announcement stating: “The Bonq protocol was hacked by an oracle, and the exploiter raised the price of ALBT and minted a large amount of BEUR. BEUR was then exchanged for other tokens on Uniswap. Then, the price dropped to almost zero, which triggered the liquidation of the ALBT vault. Other vaults were not affected. The Bonq protocol has been suspended. We are working on a solution that will allow users to withdraw all remaining collateral without repaying BEUR, which will be released tomorrow morning, Central European Time.”
