Bondly Finance Exploited for Millions in Potential Rug Pull

While the team is still investigating the attack, initial analysis points to a rug pull.

Key Takeaways

Bondly Finance, a well-known DeFi and NFT project, was exploited today by “an unknown party,” the team said.

After the liquidity pools were exploited, the attacker minted 373 million BONDLY to sell on the open market, leading to an 82% price crash.

While team claims to be investigating the incident, it is suspected the attack may have been an insider job.

NFT project Bondly Finance was exploited today due to a token-minting attack from a still-unknown assailant.

Attacker Mints 373 million BONDLY tokens

Bondly Finance has suffered an attack.

🚨Attention Bondly Community:

Unfortunately we have been compromised by an unknown party

We would like to take this time to advise you to STOP TRADING $BONDLY

Rest assure we have already taken action and will be operating as usual ASAP

Stay tuned for more updates

— Bondly (@BondlyFinance) July 15, 2021

The DeFi and NFT project was exploited today by “an unknown party,” the team said. The incident is only the latest in a series of major exploits that have hit the DeFi sector this year.

During the attack, someone minted 373 million BONDLY tokens and sold off the inflated supply in the liquidity pools, leading to a price crash.

In the official Bondly Finance Telegram group, the team has confirmed the protocol exploit and told the community that it is still investigating the matter. It also advised everyone to stop trading the token.

The Ethereum address associated with the exploit has been funneling funds through various decentralized exchanges. They’ve also used Tornado.Cash to move $100,000 worth of DAI multiple times over. At the time of writing, the address contains about $1.45 million, though the total gains come closer to $7.5 million.

While the team claims to be investigating the incident, some suspect that the attack may have been an inside job, otherwise known as a “rug pull” in the crypto community.

Source: PeckShield

According to analysis from PeckShield, a blockchain security firm, the illegitimately minted BONDLY tokens that the attacker received came from Bondly’s owner address through an owner transfer operation. Discussing the possibility of a rug pull, Xuxian Jiang, founder and CEO of PeckShield, told Crypto Briefing:

“It is potentially a rug pull as the owner (0x58a058ca4b1b2b183077e830bc929b5eb0d3330c) pulls the trigger in transferring out 373M $BONDLY to sell.”

If not an insider job, the other possibility is that the owner’s private key was leaked, Jiang added.

Sam Kim, founder of Umbrella Network, a decentralized Layer-2 oracle network, also pointed to the private key hack.  “Despite these reports, it seems rather unlikely that a public (not anonymous) project like Bondly would rug pull for less than $10 million. The risk and costs are too high. A compromise of their private key seems like the most likely culprit for this attack.” Kim said.

The attack has led to a massive decline in the price of BONDLY tokens. Since the incident came to light, the token has registered an 82% fall, from roughly $0.06 to $0.01 in seven hours, as per CoinGecko.

Bondly Finance first made headlines in Feb. 2021 after it collaborated with YouTuber Logan Paul to issue Pokémon NFTs on Ethereum. Now, it’s become a talking point for a different reason.

Bondly Finance has promised that updates will follow.

Disclaimer Read More Read Less

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source: cryptobriefing.com