Attackers recently targeted Bondly Finance and got over 5M on 15 June. This happened after an unknown attacker took advantage of the infinite mint bug and dumped the 373M “created out of thin air” BONDLY tokens. The best part? The team claims to have no idea as to how it happened and said that they need several days to complete the investigation. BONDLY token has declined almost 90% following the incident.
NFT management platform Bondly allegedly had a rug pull, since the infinite mint bug can’t be performed without the smart contract’s owner authorization. Another theory says that hackers took hold of the owner’s private keys. However, the community’s opinion leans heavily on the side of “rug pull”. This means that the team likely performed the attack themselves.
PeckShield seems to agree with the rug pull theory as the owner address minted the token, before sending it to the attacker’s address to be dumped. The Bondly team has also been criticized for slow response and no proper community, after the attack. Exploit TX 0xc2b339468b23cc8b98d6d4534e87d8ec3b85a0d26f8c169a22efe14d221cfaae shows that very fact.
At the time of this writing, the attackers’ address holds over 11.97 ETH (worth $23K), 274.14 WETH (worth $524K), ~125.8K BONDLY (worth $755K), 444K FXF (worth $133.5K), apart from other relatively smaller token holdings. Some of the funds have been routed to Tornado Cash also. It’s necessary that liquidity providers remove all liquidity as the attacker can still dump large holdings.
The team’s response and actions since then have been suspicious, giving rise to the rug pull theory. It’s further strengthened by the fact that the team refused to give any proper explanation or mitigation plan for the BONDLY token holders, who are left with millions in losses and a largely unresponsive team.
You might also like
More from Altcoin
RBIS, the native token of ArbiSmart is currently standing head and shoulders above its competitors, having maintained a steady upward …