BonqDAO: Oracle Manipulation (Tellor Price Feed — Instant Value)
Summary
BonqDAO, a lending / CDP stablecoin protocol, suffered an oracle manipulation exploit on 2023-02-01, resulting in a loss of approximately $120M.
What happened
An attacker used $175 worth of TRB tokens to make BonqDAO's oracle report a fake WALBT price, which allowed the attacker to borrow 100 million BEUR against 0.1 WALBT and liquidate every other user's collateral, causing $120M in nominal damage while escaping with only ~$1.7M.
Linked factors
- RD-F-001 — causal : ★ Audit scope mismatch — alternate field name [via dashboard_risk_factors/Exploited code in scope?: No — the attacked oracle contracts (TellorPriceFeed etc.) were added post-audit and were explicitly out of scope]
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited (post-audit oracle contracts)]
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — oracle contracts were post-audit additions]
- RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Attacker funded via Tornado Cash before attack; 10 TRB staked on TellorFlex (small, unusual stake from fresh wallet)]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — WALBT oracle price reported at an astronomical value; detectable instantly]
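The real-time signals listed under RD-F-090 and RD-F-099, combined with a check that a value was not read the instant it was submitted, sketched as an added example (not BonqDAO's or Tellor's code). The thresholds, the `Report` fields, the reporter addresses and the sample values are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds; the page gives the deviation only as "> X%".
MAX_DEVIATION = 0.10       # allowed distance from the secondary source
MIN_REPORT_AGE = 15 * 60   # seconds a value must age before it is used
MIN_PRIOR_REPORTS = 3      # below this a reporter counts as fresh

@dataclass
class Report:
    reporter: str      # address that submitted the value
    price: float       # value reported to the oracle
    reference: float   # secondary-source price at read time
    submitted_at: int  # unix time the value was submitted
    read_at: int       # unix time the lending protocol read it

def evaluate(report, prior_reports):
    """Return the alert names raised by a single oracle report."""
    if report.reference <= 0:
        return ["no_reference_price"]  # fail closed: nothing to compare with
    alerts = []
    deviation = abs(report.price - report.reference) / report.reference
    if deviation > MAX_DEVIATION:
        alerts.append("price_deviation")
    if report.read_at - report.submitted_at < MIN_REPORT_AGE:
        alerts.append("instant_value_read")
    if prior_reports < MIN_PRIOR_REPORTS:
        alerts.append("fresh_reporter")
    return alerts

def scan(reports, known_reporters=None):
    """Evaluate reports in order, tracking how often each reporter was seen."""
    seen = Counter(known_reporters or {})
    findings = []
    for report in reports:
        findings.append((report.reporter, evaluate(report, seen[report.reporter])))
        seen[report.reporter] += 1
    return findings

# Constructed sample data, not taken from the chain.
KNOWN = {"0xestablished": 240}
SAMPLES = [
    Report("0xestablished", 1.02, 1.00, 1_000, 2_000),   # routine update
    Report("0xfreshwallet", 5.0e6, 1.00, 3_000, 3_000),  # extreme value, read at once
    Report("0xestablished", 1.30, 1.00, 4_000, 6_000),   # large move, aged, known
]

if __name__ == "__main__":
    for reporter, alerts in scan(SAMPLES, KNOWN):
        print(reporter, alerts or "ok")
```

A report that raises all three alerts at once matches the pattern the linked factors describe; a deviation alone from an established reporter still alerts but can be triaged separately.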