Someone stole $21 million from BonkDAO without hacking anything


An attacker stole $21.2 million from BonkDAO’s vault without hacking anything. He bought BONK tokens for $4.4 million, which were suggested via a management forum and which no one verified for seven days. He voted yes on the proposal using his tokens, and watched the funds move to his wallet automatically. Once implemented, it was irreversible.

Within a few hours, Bonk price It decreased by approximately 6.59% on volume of 955.47 billion.

The token rose from a high near 0.00000490 to 0.00000417 as the news spread. The market capitalization lost nearly $40 million and some exchanges halted BONK withdrawals.

    BONK Price - TradingView    BONK Price - TradingView
BONK price decreased by about 6.59%

BonkDAO theft details

The proposed name for the project is BIP #76, Sowellian BonkDAO. She talked about governance improvements, asset monetization, and token rebuilding, but did not explain what that meant concretely.

The transaction contains a single instruction to transfer 4.426 trillion BONK to a wallet address owned by the attacker.

The attacker must have a quorum limit to execute the suggestion. So they bought only 882.285 billion BONK. Their entire group was used for voting.

When the voting period ended, trillions of BONK tokens flowed into their wallets when the vote was accepted.

A seven-day voting period passed with very few community members reading and voting against the motion to stop voting. That’s the point here. No technical problem occurred. There was simply no one listening.

More details about the BonkDAO exploit

Bonk It was launched on Christmas Day 2022, shortly after FTX collapsed within a few weeks. The entire concept was based on community ownership, meaning no venture capital investment, no insider allocation, and power vested in the owners.

BonkDAO identified the attacker’s wallets, notified exchanges and bridges, sent a message to the Solana Foundation, and notified law enforcement. There is ongoing work to recover the funds, but the transfer was off-chain and automatic, making it difficult to recover any funds.

The attacker made one transaction, turning $4.4 million into $21.2 million. This is a 5x return through the project’s democratic process.

What BonkDAO Status Means for DAO Governance

A decentralized autonomous organization (DAO) in which most token holders do not vote is not decentralized governance; It’s just a closet with an open door. A quorum was not achieved in BIP No. 76, therefore, $4.4 million in purchased votes was sufficient to reach a quorum.

There was no hacking involved in this exploit. This same attack is possible anywhere where the quorum is low enough.

If you’re looking for the best cryptocurrency analysis site, check out our coverage on Cryptographic research tools.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *