Bondly Got Hacked For Millions And The Team Has No Idea Why!

Bondly Finance - the NFT management platform was exploited on June 15 for millions, through an infinite mint bug, was it a rug pull?

Dennis Weidner

Dennis Weidner

July 18, 2021 11:11 AM

Bondly Got Hacked For Millions And The Team Has No Idea Why!

Attackers recently targeted Bondly Finance and got over 5M on 15 June. This happened after an unknown attacker took advantage of the infinite mint bug and dumped the 373M “created out of thin air” BONDLY tokens. The best part? The team claims to have no idea as to how it happened and said that they need several days to complete the investigation. BONDLY token has declined almost 90% following the incident.

We will need several days to complete our investigation. Simultaneously, we are exploring a variety of options to support our community, including the possibility of token redeployment. We will provide an update once our investigation is completed. Thank you for your patience

NFT management platform Bondly allegedly had a rug pull, since the infinite mint bug can’t be performed without the smart contract’s owner authorization. Another theory says that hackers took hold of the owner’s private keys. However, the community’s opinion leans heavily on the side of “rug pull”. This means that the team likely performed the attack themselves.

The huge mint of 373M BONDLY @BondlyFinance on eth is performed by owner: 0x58a058ca4b1b2b183077e830bc929b5eb0d3330c, a rug pull?

PeckShield seems to agree with the rug pull theory as the owner address minted the token, before sending it to the attacker’s address to be dumped. The Bondly team has also been criticized for slow response and no proper community, after the attack. Exploit TX 0xc2b339468b23cc8b98d6d4534e87d8ec3b85a0d26f8c169a22efe14d221cfaae shows that very fact. 

⚠️ Bondly Finance $BONDLY has been exploited ⚠️ @BondlyFinance #defi

At the time of this writing, the attackers’ address holds over 11.97 ETH (worth $23K), 274.14 WETH (worth $524K), ~125.8K BONDLY (worth $755K), 444K FXF (worth $133.5K), apart from other relatively smaller token holdings. Some of the funds have been routed to Tornado Cash also. It’s necessary that liquidity providers remove all liquidity as the attacker can still dump large holdings.$bondly

exploiter address visualized

The team’s response and actions since then have been suspicious, giving rise to the rug pull theory. It’s further strengthened by the fact that the team refused to give any proper explanation or mitigation plan for the BONDLY token holders, who are left with millions in losses and a largely unresponsive team. 

Dennis Weidner
Article By

Dennis Weidner

Latest articles on Cryptoticker

View All

Regular updates on Web3, NFTs, Bitcoin & Price forecasts.

Stay up to date with CryptoTicker.