Bondly Finance: Infinite Mint (Compromised or Insider Minting Key)
Summary
Bondly Finance, an NFT platform / multi-service token platform, suffered an infinite-mint incident on 2021-07-15, resulting in a loss of approximately $6M.
What happened
Someone minted 373 million BONDLY tokens from a single unprotected minting address, dumped them in batches of 100,000, crashed the price 80%, and sent $4.8M to Tornado Cash — while Bondly blamed an "unknown party."
Linked factors
- RD-F-027 — causal : ★ Single admin EOA — when value mentions key compromise [via realtime_signals/Governance/admin action (Y/N): Y — the minting key had unilateral control; its use was the exploit]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — the minting key had unilateral control; its use was the exploit]