BonqDAO protocol suffers $120M loss after oracle hack

February 2, 2023 Coin Telegraph

BonqDAO protocol suffers 0M loss after oracle hack

ALBT

An oracle hack allowed the exploiter to manipulate the price of the AllianceBlock token, leading to an estimated $120 million loss, according to Peckshield.

A small decentralized autonomous organization (DAO) has suffered a rather sizeable smart contract exploit, leading to an estimated $120 million being stolen from its protocol.

BonqDAO told its Twitter followers on Feb. 1 that its Bonq protocol was exposed to an oracle hack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.

Bonq protocol was exposed to an oracle hack, where exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.
— BonqDAO (@BonqDAO) February 1, 2023

An independent analysis from blockchain security firm PeckShield has estimated the loss from the Bonq hack to be around $120 million, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.

While the exploit took effect over several transactions, the largest was $82.19 million at 6:32 pm UTC time on Feb. 1, according to multichain portfolio tracker DeBank.

Most of the high-scale transactions took place on the Polygon network.

How it happened

PeckShield explained that the exploiter was able to change the updatePrice function of the oracle in one of BonqDAO’s smart contracts, which meant that they were able to manipulate the price of the wALBT token.

The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price. Here is the example hack tx: https://t.co/YPxXMr2nkf pic.twitter.com/XrzExHY6m1
— PeckShield Inc. (@peckshield) February 1, 2023

This triggered the exploitation of the wALBT and BEUR. The hacker then swapped about $500,000 worth of BEUR for USDC on Uniswap before burning all 113.8 million wALBT to unlock ALBT.

On-chain security observer “Spreek” — who was one of the first to spot the exploit — told his 18,800 Twitter followers that the exploiter later dumped more BEUR and ALBT tokens for $500,000 in USDC and 144 ETH ($236,000).

PeckShield and others noted that the price of the BEUR and ALBT tokens went down considerably in a short period of time:

The actor then walks away by withdrawing the illicit gains with 113.8M #WALBT and 98M #BEUR (valued >$10M). Some of these tokens are then dumped, resulting in major drop! #WALBT dropped by >50% and #BEUR dropped by 34% pic.twitter.com/HEYxrcaB5Y
— PeckShield Inc. (@peckshield) February 1, 2023

In a follow up tweet, BonqDAO said it has paused the protocol and is working on a recovery solution.

“Other troves remain unaffected. Bonq protocol has been paused. We’re working on a solution that will allow users to withdraw all remaining collateral without repaying BEUR in the troves. It will be released tomorrow morning CET,” it said.

AllianceBlock — the token issuers of ALBT — also shared the news on Feb. 1, explaining to its 51,300 Twitter followers that an exploiter managed to gain access to 113.8 million ALBT tokens.

The team is in the process of removing all liquidity on Bonq and has halted exchange trading, it said, adding that no smart contracts were exploited on AllianceBlock.

ANNOUNCEMENT

There has been a recent incident involving several ALBT Troves on Bonq, with the attacker gaining access to around 110M ALBT.

The incident is isolated to these Troves. None of our smart contracts was breached or compromised. pic.twitter.com/puntkIPK3G
— AllianceBlock (@allianceblock) February 1, 2023

The announcement from AllianceBlock also added that they would mint new ALBT tokens to those impacted by the exploit up until the time of the announcement.

BonqDAO is a decentralized autonomous organization that aims to provide self-sovereign financial services to individuals and businesses interest-free without giving up ownership of their assets.

AllianceBlock is a decentralized infrastructure platform that connects traditional financial institutions to Web3 applications.

Sam Bankman-Fried, FTX, Alameda Were Accused of Conspiracy, Racketeering, and Market Manipulation 3 Years Before FTX Collapsed

November 17, 2022 Bitcoin.com

South Korean prosecutors accuse Do Kwon of manipulating Terra’s price

November 4, 2022 Coin Telegraph

arrest warrant

Prosecutors have reportedly secured a "messenger conversation" in which Kwon ordered an employee to manipulate Terra's market price.

A local report from South Korea claims that the country's prosecutors have obtained evidence to suggest Terraform Labs co-founder Do Kwon had onceordered an employee to manipulate the price of Terra Luna Classic (LUNC).

A report by Korean Broadcasting System (KBS) on Nov. 3 quotes an official from the South Korean Prosecutors Office, who said they have obtained a "conversation history" in which "CEO Kwon specifically ordered price manipulation."

The reported evidence came in the form of a "messenger conversation" between Kwon and a former Terraform Labs employee. Prosecutors did not disclose further details, noting:

“I can’t reveal details, but it was a conversation history where CEO Kwon specifically ordered price manipulation.”

While the exact details of the price manipulation remain undisclosed, the price action of Terra’s LUNC (formerly LUNA) during the last bull market was undoubtedly one of the most impressive across all cryptocurrencies.

Its price rose over 2,800% from $4.18 in late May 2021 to its all-time high of $119.18 on Apr. 5. 2022, before its cataclysmic fall on Apr. 30, according to CoinGecko data.

The report however notes that Kwon's representative has continued to deny these allegations.

Kwon and his representatives have also previously denied alleged violations of South Korea's capital markets laws.

In September, Terraform Labs said the case against its co-founder has become "highly politicized" and that prosecutors expanded the definition of a security in response to public pressure.

Kwon’s whereabouts now point to Europe

Kwon's whereabouts ultimately continue to remain a mystery, despite the Terra ecosystem co-founder previously arguing he is "not on the run."

Previous reports have suggested Kwon first moved from South Korea to Singapore, before transitioning to Dubai, United Arab Emirates (UAE). The KBS report now suggests Kwon is residing somewhere in Europe, and as of Nov. 3, without a valid passport.

“Kwon, who has an arrest warrant, had his passport invalidated as of today,” the report stated, adding:

“Do Kwon is now an illegal immigrant, wherever he is, in any country, and he cannot travel legally between countries.”

If found, Kwon will also have to deal with a $57 million lawsuit recently filed against him, his fellow Terra co-founder Nicholas Platias and the Luna Foundation Guard (LFG) in the Singapore High Court.

The plaintiff argued that Kwon, Platias and the LFG fraudulently claimed Terra’s stablecoin, Terra USD (UST) — now TerraUSD Classic (USTC) — was “stable by design” and able to maintain its peg to the U.S. dollar.

The worldwide law enforcement effort to pinpoint the controversial CEO’s location hasn’t stopped Kwon from being active on social media, with the most recent Twitter post from Kwon shared on Nov. 3.

Strangely, these last few weeks have been one of the most creative periods of my life. https://t.co/iE6DuwceVF
— Do Kwon (@stablekwon) November 3, 2022

Cointelegraph reached out to Terraform Labs and the South Korean Prosecutor's Office for comment but did not receive an immediate response.

Moola Market attacker returns most of $9M looted for $500K bounty

October 19, 2022 Coin Telegraph

attacker

The attacker has scored about a half-million dollar “bug bounty” after choosing to return a majority of the cryptocurrency they exploited from the Celo-based lending protocol.

An attacker has returned just over 93% of the more than $9 million worth of cryptocurrencies they exploited from the Celo (CELO) blockchain-based decentralized finance (DeFi) lending protocol Moola Market.

At around 6PM UTC on Oct. 18 the Moola Market team tweeted it was investigating an incident and had paused all activity, adding it had contacted authorities and offered a bug bounty to the exploiter if funds were returned within 24 hours.

Analysis of the exploit by Web3 security company Hacken shows the attacker manipulated the price of the protocols’ low-liquidity native MOO token by initially purchasing around $45,000 worth and depositing it as collateral to borrow CELO.

The borrowed CELO, along with further CELO provided by the attacker, was then used as collateral to borrow more MOO, driving up the token’s price. The attacker continued repeating this until the MOO token price had increased by 6,400%.

With the inflated token price, the attacker was able to borrow $6.6 million worth of CELO, $1.2 million of MOO, along with $740,000 of Cello Euros (cEUR) and $644,000 Celo Dollars (cUSD) all worth multiples more than their initial posted collateral resulting in the protocol's loss of around $9.1 million.

Five hours after the initial confirmation of the exploit, Moola Market tweeted it had received just over 93% of the funds exploited, with the attacker seemingly keeping the rest making around $500,000 as a bug bounty.

Following today's incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola, and will follow up with the community about next steps, and to safely restart operations of the Moola protocol. (1/2) https://t.co/UsdN44X70X
— Moola Market (@Moola_Market) October 18, 2022

Moola Market did not immediately respond to Cointelegraph’s request for comment.

The attack draws similarities to the $117 million exploit suffered by Mango Markets on Oct. 11 in which Avraham Eisenberg and his team manipulated the price of the Solana (SOL)-based DeFi protocols’ native token to borrow cryptocurrencies with an undercollateralized backing. Eisenberg negotiated to keep $47 million as a “bounty.”

Multi-chain cryptocurrency wallet BitKeep also suffered an exploit late on Oct. 17 with an attacker making off with $1 million worth of Binance Coin (BNB) through a service used to swap tokens, BitKeep says it will fully reimburse any affected users.

The attacks are the latest in a series of exploits to have taken place in October which has also shaped up to be the biggest month ever for hacking activity with the total hacked value reaching around $718 million up until Oct. 12 according to analytics firm Chanalysis.

Mango Markets exploiter said actions were ‘legal,’ but was it?

October 18, 2022 Coin Telegraph

Avraham Eisenberg

A crypto lawyer believes the Mango Markets exploiter Avraham Eisenberg could still face consequences despite users supposedly agreeing not to pursue legal action.

The $117 million Mango Markets exploiter has defended that their actions were ‘legal,’ but a lawyer suggests that they could still face consequences.

Self-described digital art dealer Avraham Eisenberg, outed himself as the exploiter in a series of tweets on Oct. 15 claiming he and a team undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”

I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.
— Avraham Eisenberg (@avi_eisen) October 15, 2022

The Oct. 11 exploit worked through Eisenberg and his team manipulating the value of their posted collateral — the platforms’ native token MNGO — to higher prices, then taking out significant loans against their inflated collateral which drained Mango’s treasury.

Michael Bacina, partner at Australian law firm PiperAlderman told Cointelegraph “if this had occurred in a regulated financial market it would be likely seen as market manipulation.”

“Price manipulation is a cousin of misrepresentation, and in many jurisdictions engaging in misleading and deceptive conduct is unlawful and grounds for legal claims.”

Eisenberg has committed to “making all users whole” and negotiations between him and the Mango Decentralized Autonomous Organization (DAO) have resulted in the DAO voting that Eisenberg be allowed to keep $47 million as a “bug bounty," while the rest will be sent back to the treasury.

A stipulation as part of the proposal states MNGO token holders “will not pursue any criminal investigations or freezing of funds” as Eisenburg has sent back the agreed portion of the exploited cryptocurrency.

However, Bacina said it’s “unlikely” that Eisenburg would be released from all liability, even from those that voted for the proposal, given the wording of the proposal are “weak," commenting:

“The wording of the proposal is weak and the circumstances are such that the offer of a release are questionable.”

That being said, Bacina said there might be a “limited commercial incentive” to sue Eisenburg as any legal claims would be reduced by the amount a member received due to the proposal.

“Assuming claims survive the proposal, any claims would still need to be reduced by any amounts which had been received by a member as a result of the proposal, which may mean many members have limited commercial incentive to sue Mr Eisenberg,” he explained.

Part of the $67 million worth of crypto returned to the platform will now be used to reimburse affected users under the reimbursement plan approved by the DAO.

Eisenberg maintains the exploited crypto he returned is similar to automatic deleveraging on cryptocurrency exchanges where a portion of profits from profitable traders is recovered to cover losses by the exchange.

Cointelegraph contacted Eisenberg for comment but did not immediately receive a response.

Decentralized exchange GMX suffers $565K price manipulation ‘exploit’

September 19, 2022 Coin Telegraph

<div>Decentralized exchange GMX suffers 5K price manipulation 'exploit'</div>

0% Slippage

A founder of a DEX competitor to GMX said on Sept. 2 that an exploit could be pulled off on GMX which could leave GLP holders short. 16 days later, it happened.

Decentralized exchange (DEX) GMX has reportedly suffered a price manipulation exploit from an exploiter who managed to make off with around $565,000 from the AVAX/USD market.

The unidentified exploiter is understood to have capitalized on GMX’s “minimal spread” and “zero price impact” features to pull off the exploit, which impacted GLP token holders who provided liquidity in the form of AVAX (the Avalanche token) to GMX.

GMX confirmed the price manipulation exploit in a Sept. 18 post on Twitter, but stated that the AVAX/USD market would remain open despite imposing a $2 million cap on long positions and $1 million cap on short positions.

We were notified of price manipulation of AVAX/USD on reference exchanges by monitoring systems and community members.

While we review the occurrence, open-interest for AVAX has been capped at $2m long / $1m short.

GLP and GMX trading markets continue to operate normally.
— GMX (@GMX_IO) September 18, 2022

Head of Derivatives at Genesis Trading Joshua Lim was one of the first to analyze the exploit, stating that the exploiter “successfully extracted profits from GMX's AVAX/USD market by opening large positions at 0 slippage” before transferring the AVAX/USD to centralized exchanges at a slightly higher price.

Lim said this exploit method was repeated five times, with the first cycle taking effect at 01:15 UTC on Sept. 18. Each cycle transferred more than 200,000 AVAX tokens, (roughly $4-5 million per cycle) with the exploiter extracting about $565,000 in profit after paying spread to market makers on other exchanges.

3/ let's take a look at the first cycle which took place from 01:15:31 to 01:28:11 UTC. X was able to extract roughly $158k in profit by trading clips of $4-5mm at a time pic.twitter.com/W6eu7Iz6lz
— Joshua Lim (@joshua_j_lim) September 18, 2022

Lim however noted that this wasn’t an “exploit” in that it was “GMX working as designed.”

Technical analyst “Duo Nine” added that the exploiter was able to take advantage of several large trades against GLP holders because the fixed prices supplied by the Chainlink-run oracles come with no price impact, which is what made the price manipulation exploit possible.

“If traders make profit, the liquidity providers lose. If traders exploit this vulnerability, the GLP holders may lose all their money!”

While GMX immediately capped short and long open interest for AVAX/USD to protect the DEX from further manipulation, Lim said that GMX may need to scrap its “zero price impact” feature despite it successfully onboarding many users to date.

“The real issue is GMX doesn't reflect the true cost of liquidity like other venues do, it offers unlimited liquidity at a mid-market oracle price.”

The recent exploit comes only weeks after the founder of Layer-2 DEX ZigZag “Taureau” said in a Sept. 2 video call that he doubted GMX’s exchange model would be sustainable over the long term, adding that a trader with the right strategy could wipe out GLP token holders:

Has $GMX built a viable system for the long-run?

ZigZag Founder @taureau_21 has his doubts... and predicts eventually that a trader with the right strategy and proper size will wipe out $GLP

Full Episode https://t.co/3k3oLdHFWq pic.twitter.com/MF2Qafxs57
— Flywheelpod (@flywheelpod) September 2, 2022

Community Reaction

The news brought about mixed reactions from the GMX community. One Twitter user highlighted the fact that no smart contract was exploited, while another Twitter user asked GMX whether any compensation would be paid out to affected GLP holders.

On GMX, liquidity providers supply BTC, ETH, AVAX and stablecoins in exchange for the GLP token. The protocol was launched in late 2021 on Ethereum layer-2 scaling network Arbitrum.

The GMX token (GMX) is currently priced at $39.07, down 16.7% over the last 24 hours, according to CoinGecko.

Sygnia CEO criticizes Elon Musk for alleged Bitcoin pump and dump

June 11, 2021 Coin Telegraph

Bitcoin Price

“What we have seen with Bitcoin is price manipulation by one very powerful and influential individual," said Magda Wierzycka.

Magda Wierzycka, one of the richest women in South Africa and CEO of financial services company Sygnia, said Tesla CEO Elon Musk would likely have been investigated by authorities regarding recent allegations over his manipulation of crypto prices — if his target had been almost anything other than Bitcoin.

In an interview with Bruce Whitfield at the Money Show this week, Wierzycka said Musk’s recent social media activity on the price of Bitcoin (BTC) should have made him the subject of investigation by the U.S. Securities and Exchange Commission, or SEC, if Bitcoin were more of a traditional company. The SEC previously accused the Tesla CEO of fraud for issuing false and misleading tweets in 2018, and was rumored to be investigating him for his pro-Dogecoin (DOGE) tweets earlier this year.

“The [Bitcoin] volatility we have seen is an unexpected function of what I would call market manipulation by Elon Musk,” said Wierzycka. “If that happens to a listed company, he would be investigated and severely sanctioned by [the] SEC.”

According to Sygnia CEO, Musk knowingly pumped up the price of Bitcoin (BTC) by writing tweets including those mentioning Tesla’s $1.5 billion BTC purchase, then “sold a big part of his exposure at the peak.” Musk’s public statements on Bitcoin as well as him reversing Tesla’s position on accepting the cryptocurrency as a form of payment constitutes price manipulation.

Many have criticized Musk for allegedly manipulating the price of Bitcoin and other cryptocurrencies like DOGE through his Twitter posts and public appearance on Saturday Night Live — the Tesla CEO appeared as a character named “The Dogefather” and referred to the token as “a hustle.” Last week, he also mentioned the project CumRocket (CUMMIES) in a series of tweets that likely pushed the price of the token 366%, from $0.06 to $0.28.

Though many crypto traders have made gains investing in some of the projects Musk pumps, the allegations over the price manipulation of Bitcoin — with the largest market capitalization of all cryptocurrencies — are particularly concerning for some. The price of the crypto asset has fallen more than 43% since reaching an all-time high of $64,899 in April, and is $36,870 at the time of publication. However, the Bitcoin price dipped as low as $30,000 last month.

“What we have seen with Bitcoin is price manipulation by one very powerful and influential individual,” said Wierzycka.

price manipulation

How it happened

Kwon’s whereabouts now point to Europe

Community Reaction

Share this video