The Incident: What Went Down?
On February 1, BonqDAO faced a chilling security breach that left many wondering how a decentralized protocol could be so vulnerable. An attacker borrowed a staggering 100 million BEUR, a euro-pegged stablecoin, with barely a thousand bucks in collateral. This awkward reality occurred because of sloppy controls on the collateralization ratio, creating an invitation for mischief.
How Could This Happen?
So, what’s the deal with the collateralization ratio? Well, if users set this parameter to zero, the system defaults to accepting a ridiculously high sum for loans, thanks to the magical numeral known as “maximum value of uint256.” It’s like going into a bank and asking for a personal loan worth the GDP of a small nation – without any savings to show for it!
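The failure mode as this article describes it, as an added example that is not BonqDAO's contract code: a zero ratio that silently maps to the uint256 maximum, beside a version that rejects it. The function names, the 18-decimal scale and the 110% floor are assumptions made for illustration.

```python
UINT256_MAX = 2**256 - 1        # largest value a Solidity uint256 can hold
SCALE = 10**18                  # assumed 18-decimal fixed point (1e18 == 100%)
MIN_RATIO = 110 * SCALE // 100  # assumed floor of 110%, not Bonq's real value


def debt_ceiling_weak(collateral_value: int, ratio: int) -> int:
    """Weak form: ratio 0 is treated as 'no limit' and maps to UINT256_MAX."""
    if ratio == 0:
        return UINT256_MAX
    return collateral_value * SCALE // ratio


def debt_ceiling_hardened(collateral_value: int, ratio: int) -> int:
    """Hardened form: a ratio under the floor (including 0) is rejected."""
    if ratio < MIN_RATIO or ratio > UINT256_MAX:
        raise ValueError("collateralization ratio outside allowed range")
    return collateral_value * SCALE // ratio


def can_borrow(ceiling_fn, collateral_value: int, ratio: int, amount: int) -> bool:
    """True if `amount` fits under the ceiling; False if rejected or too large."""
    try:
        return amount <= ceiling_fn(collateral_value, ratio)
    except ValueError:
        return False


# Constructed sample values echoing the article's figures.
COLLATERAL = 1_000 * SCALE       # about a thousand units of collateral value
REQUEST = 100_000_000 * SCALE    # 100 million BEUR
RATIO_150 = 150 * SCALE // 100   # an ordinary 150% ratio

if __name__ == "__main__":
    for label, fn, ratio in [
        ("weak, ratio=0", debt_ceiling_weak, 0),
        ("hardened, ratio=0", debt_ceiling_hardened, 0),
        ("hardened, ratio=150%", debt_ceiling_hardened, RATIO_150),
    ]:
        print(f"{label:22} -> {can_borrow(fn, COLLATERAL, ratio, REQUEST)}")
```

The point for a reviewer is that a sentinel such as "zero means unlimited" has to be unreachable from user-supplied input, so the range check belongs at the point where the parameter is accepted.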
But Wait, It Gets Better!
While the attacker technically borrowed $120 million worth of BEUR, they only managed to walk away with about $1 million. Why, you ask? Liquidity, or the lack thereof! It seems that Bonq’s reserves were as thin as a pancake on a diet, and that severely curbed the hacker’s plans. Meanwhile, earlier reports from blockchain security firms, including PeckShield, had everyone thinking the losses were astronomical!
The Liquidation Circus
Bonq is a fork of Liquity Protocol, and while they incorporate some nifty features, they weren’t ready for this kind of ruckus. After the incident, 45 Troves, which hold that fancy BEUR collateral, got liquidated quicker than a bad meme goes viral on the internet.
Lessons Learned and Silver Linings
Even though BonqDAO’s issues were less catastrophic than initially perceived, the incident raises alarms about decentralized protocol security. The hacker’s antics were further complicated as many users affected by the hack will see new tokens airdropped to make amends. So, while BonqDAO learned the hard way about the importance of tight security measures, those hurt in the attack are getting some love back from AllianceBlock as they send new tokens into the wild.
Close Calls in DeFi
And while BonqDAO brushed some dirt off its shoulders, not all protocols have been fortunate. Take Mango Markets, for instance. On October 12, they lost $116 million because a hacker cleverly manipulated the price of MNGO. Armed with low liquidity – the silent killer of many a DeFi platform – the attacker managed to inflate the price of MNGO 30x, executing a heist of epic proportions.
In a wild twist of fate, that same hacker was arrested later on charges of commodities fraud. If you thought fishy dealings were only found in a seafood market, think again!