The blockchain security company CertiK suggests that the amount of harm that was done to the decentralised protocol BonqDAO on February 1 may have been far less than what was previously believed.
According to information provided by CertiK, the attacker started by taking out a loan for 100 million BEUR, which is a euro stablecoin, using less than $1,000 as collateral since there were no limitations on the ratio of collateralization. If users set the parameter to zero, then the platform will provide the "largest value of uint256" as the default action. This will make it possible for an incredible number of loans to be distributed.
However, according to CertiK, the hacker was only able to withdraw approximately one million dollars due to a lack of liquidity on the platform. This is despite the fact that the attacker borrowed a total of one hundred million BEUR (approximately one hundred twenty million dollars at the time of the attack). Earlier reports from blockchain security companies such as PeckSheild suggested that the hack resulted in losses of about 120 million dollars.
The Liquity Protocol was forked into Bonq, and both blockchains employ Troves to represent discrete debt positions. Bonq is a fork of the Liquity Protocol. On the other hand, reports indicate that Bonq has introduced a Community Liquidation Feature, which resulted in the liquidation of 45 Troves that had exposure to BEUR. CertiK reports that the hack also affected Troves, each of which had around 110 million Alliance Block tokens (ALBT). However, none of the Alliance Block smart contracts were compromised during the event, and the team behind the project has promised to distribute replacement tokens through an airdrop as a form of compensation to the holders of tokens who were harmed.
Although it looks that BonqDAO suffered less loss as a result of the occurrences due to a lack of liquidity, other participants were not as fortunate. On October 12, DeFi protocol Mango Markets suffered an initial loss of $116 million as a result of hacker Avraham Eisenberg's manipulation of the price of the MNGO token price. Eisenberg drove the price up 30 times using huge perpetual future contracts in a short amount of time. Because of the limited liquidity, this was feasible since the amount of initial cash needed to control MNGO was only somewhat significant.
After that, Eisenberg obtained a loan for $116 million using the $423 million of his inflated MNGO holdings as security and stole cash from the platform. He did this simultaneously. On December 28th, Eisenberg was taken into custody in Puerto Rico on suspicion of manipulating the value of commodities and committing commodities fraud.