Bondly Finance Exploited for Millions in Potential Rug Pull

Key Takeaways

Bondly Finance, a well-known DeFi and NFT project, was exploited today by “an unknown party,” the team said.
After the liquidity pools were exploited, the attacker minted 373 million BONDLY to sell on the open market, leading to an 82% price crash.
While team claims to be investigating the incident, it is suspected the attack may have been an insider job.

Share this article

NFT project Bondly Finance was exploited today due to a token-minting attack from a still-unknown assailant.

Attacker Mints 373 million BONDLY tokens

Bondly Finance has suffered an attack.

🚨Attention Bondly Community:

Unfortunately we have been compromised by an unknown party

We would like to take this time to advise you to STOP TRADING $BONDLY

Rest assure we have already taken action and will be operating as usual ASAP

Stay tuned for more updates

— Bondly (@BondlyFinance) July 15, 2021

The DeFi and NFT project was exploited today by “an unknown party,” the team said. The incident is only the latest in a series of major exploits that have hit the DeFi sector this year.

During the attack, someone minted 373 million BONDLY tokens and sold off the inflated supply in the liquidity pools, leading to a price crash.

In the official Bondly Finance Telegram group, the team has confirmed the protocol exploit and told the community that it is still investigating the matter. It also advised everyone to stop trading the token.

The Ethereum ( $3,499.60 ) address associated with the exploit has been funneling funds through various decentralized exchanges. They’ve also used Tornado.Cash to move $100,000 worth of DAI multiple times over. At the time of writing, the address contains about $1.45 million, though the total gains come closer to $7.5 million.

While the team claims to be investigating the incident, some suspect that the attack may have been an inside job, otherwise known as a “rug pull” in the crypto community.

Source: PeckShield

According to analysis from PeckShield, a blockchain security firm, the illegitimately minted BONDLY tokens that the attacker received came from Bondly’s owner address through an owner transfer operation. Discussing the possibility of a rug pull, Xuxian Jiang, founder and CEO of PeckShield, told Crypto Briefing:

“It is potentially a rug pull as the owner (0x58a058ca4b1b2b183077e830bc929b5eb0d3330c) pulls the trigger in transferring out 373M $BONDLY to sell.”

If not an insider job, the other possibility is that the owner’s private key was leaked, Jiang added.

Sam Kim, founder of Umbrella Network, a decentralized Layer-2 oracle network, also pointed to the private key hack.  “Despite these reports, it seems rather unlikely that a public (not anonymous) project like Bondly would rug pull for less than $10 million. The risk and costs are too high. A compromise of their private key seems like the most likely culprit for this attack.” Kim said.

The attack has led to a massive decline in the price of BONDLY tokens. Since the incident came to light, the token has registered an 82% fall, from roughly $0.06 to $0.01 in seven hours, as per CoinGecko.

Bondly Finance first made headlines in Feb. 2021 after it collaborated with YouTuber Logan Paul to issue Pokémon NFTs on Ethereum ( $3,499.60 ) . Now, it’s become a talking point for a different reason.

Bondly Finance has promised that updates will follow.

This news was brought to you by ANKR, our preferred DeFi Partner.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

YouTuber Logan Paul Mints Pokémon NFTs on Ethereum ( $3,499.60 )

The NFT space has a new celebrity entrant. This time, it’s the popular YouTuber Logan Paul.  YouTuber Gets Tokenized  The American YouTube celebrity will be releasing the digital art pieces…

Alpha Finance Exploited in $37.5 Million Attack

An attacker targeted DeFi protocol Alpha Finance for a sum of $37.5 million earlier this morning. The exploit was found in the protocol’s Alpha Homora V2 product—not Cream Finance, as…

Efficient Market Hypothesis: Does Crypto Follow?

The Efficient Market Hypothesis (EMH) is a concept in financial economics which states that security prices reflect all the available information about a financial instrument. EMH is one of the…

Polygon Project SafeDollar Crashes to Zero After Attack

Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…


Recommended For You

About the Author: wp4crypto