Hacker Exploited Incorrectly Deployed Price Oracle on DeFi Protocol to Steal Funds
Rashmi Ramesh (rashmiramesh_) • February 2, 2023
Another day, another crypto hack: A hacker on Wednesday exploited a smart contract vulnerability on a decentralized platform to steal cryptocurrency.
How much the hacker stole – that depends on who you ask. Maybe it was $120 million. Or possibly just $1 million. One thing’s for sure: traditional bank robbers never had to grapple with this sort of question.
For now, the BonqDAO protocol has paused all transactions on its platform.
Here’s what happened. A hacker found a flaw in software used to price the exchange rate of tokens – known as an oracle – the platform said in a Wednesday tweet. The flaw in the oracle allowed the hacker to manipulate the price of listed tokens and mint new ones.
Essentially, the hacker could “borrow huge amount of funds with very little collateral with an invalid higher price,” security firm PeckShield tells Information Security Media Group.
PeckShield pegs BonqDAO's losses at $120 million, with the hacker stealing $108 million worth of BEUR tokens and $11 million worth of wrapped ALBT tokens across multiple transactions.
But here’s the catch: the amount of funds the hacker stole is not the amount of funds the hacker gets to keep.
The vulnerability resulted from lack of a check on the