ChainCatcher news, according to PeckShield monitoring, the BonqDAO attacker has transferred approximately 700 Ethereum to Tornado Cash and exchanged about 534,000 DAI for 326 WETH. (source link)

ChainCatcher message, regarding the hacker attack on the BonqDAO project this morning, the SlowMist security team analysis:The oracle used by the BonqDAO platform is based on the ratio of TellorFlex self-reported prices to Chainlink prices. A major limitation for updating TellorFlex prices is that price reporters must first stake 10 TRB before they can submit price updates. In TellorFlex, the amount of TRB required for staking can be periodically updated based on the collateral price using the updateStakeAmount function.Since the TRB staking amount for the TellorFlex oracle contract was initially set to 10 and was not updated through the updateStakeAmount function afterwards, the attacker only needed to stake 10 TRB to become a price reporter and could modify the price of the WALBT token in the oracle by calling the submitValue function.After modifying the price, the attacker called the createTrove function of the Bonq contract to create a trove for the attack contract. The trove contract mainly records the user's collateral status, debt status, borrows from the market, liquidation, etc.Following this, the attacker performed a collateral operation in the protocol and then called the borrow function to take out a loan. Due to the manipulated increase in the price of the WALBT token, the protocol minted a large amount of BEUR tokens for the attacker.In another attack transaction, the attacker used the aforementioned method to modify the price of WALBT and then liquidated other users in debt in the market to obtain a large amount of WALBT tokens.According to SlowMist's MistTrack analysis, 113 million WALBT have been burned on the Polygon chain and ALBT has been withdrawn from the ETH chain, with some ALBT exchanged for ETH through 0x; part of the BEUR has been exchanged by the attacker for USDC via Uniswap and then cross-chained to the ETH chain through Multichain and exchanged for DAI.The SlowMist security team analysis believes that the root cause of this attack lies in the fact that the attacker exploited the cost of collateral required for oracle pricing, which is far lower than the profits gained from the attack, thereby manipulating the market through maliciously submitting incorrect prices and liquidating other users. As of now, 946,000 ALBT have been exchanged for 695 ETH, and 558,000 BEUR have been exchanged for 534,000 DAI. The hacker is still continuously exchanging ALBT for ETH, and no funds have been found to be transferred to exchanges or other platforms. MistTrack will continue to monitor the hacker's movements and follow up on blacklisting.

ChainCatcher news reports that according to the monitoring of the Beosin EagleEye security risk monitoring, early warning, and blocking platform under the blockchain security audit company Beosin, the crypto protocols BonqDAO and AllianceBlock were subjected to price manipulation attacks today. The Beosin security team analyzed that the reason for the attack was that the attackers raised the price of ALBT and minted a large number of BEUR tokens, then exchanged BEUR for other tokens on Uniswap, causing the price of ALBT to drop to nearly zero, which further triggered the liquidation of the ALBT treasury, resulting in a loss of approximately 88 million dollars.Beosin Trace tracking has found that most of the profit funds are still in the hacker wallet. Currently, the AllianceBlock and Bonq teams, along with all relevant partners, are eliminating liquidity and halting all exchange trading. At the same time, all activities on the AllianceBlock Bridge have been suspended.

ChainCatcher news, regarding the BonqDAO smart contract vulnerability attack incident, the crypto infrastructure platform AllianceBlock stated that the attacker stole approximately 110 million ALBT tokens. The team will subsequently take a snapshot before the attack occurred and develop a solution for all affected users at the time of the snapshot, including minting new ALBT tokens and airdropping them to the addresses in the snapshot.Earlier today, the non-custodial lending platform BonqDAO and the crypto infrastructure platform AllianceBlock were attacked by hackers due to a vulnerability in BonqDAO's smart contract, resulting in a loss of approximately 88 million USD. (source link)

ChainCatcher news, according to The Block, the non-custodial lending platform BonqDAO and the crypto infrastructure platform AllianceBlock were hacked due to a vulnerability in BonqDAO's smart contract, resulting in a loss of approximately $88 million. The hacker removed about 114 million WALBT (AllianceBlock's wrapped native token) and 98 million BEUR tokens from a treasury controlled by users, which is used to mint the euro-pegged payment token BEUR.The technical reasons for the vulnerability are currently unclear. The hacker has sold approximately $1.2 million worth of tokens, but due to insufficient liquidity, it is difficult to convert them all into stablecoins or ETH.Additionally, AllianceBlock stated that the incident is unrelated to the BonqDAO treasury, and no smart contracts were compromised. Both teams are committed to eliminating liquidity to mitigate the hacker's ability to convert the stolen tokens into other assets and have halted all exchange trading; AllianceBlock has also suspended cross-chain bridging on the AllianceBlock bridge until the situation is resolved. (Source link)