Decentralized e-commerce platform Bondly Finance appears to be the latest victim of a token-minting attack. But while the team appears to be investigating the attack, there are reports that the project may have pulled an exit scam.
Although the details of the attack are still sketchy, the attacker reportedly minted 373 million BONDLY tokens. This inflated supply was then sold off in the liquidity pools, fueling a crash in the price of the asset. Within three hours of the hack, the BONDLY token crashed by 60%.
The price of the token has since fallen from $0.06 before the attack to $0.0025, representing a crash of about 96%.
The project’s official Telegram group confirmed that the protocol was exploited and advised users to stop trading the token.
Meanwhile, the Ethereum address linked to the attack has been sending funds to different decentralized exchanges. The attacker also used Tornado.Cash to move $100,000 worth of DAI multiple times.
While the Bondly team claims not to have any knowledge in the hack, PeckShield, a blockchain security and data analytics firm, claims that the attack might be a “rug pull” or an insider job. PeckShield asserts that the unauthorized minted BONDLY tokens were received from the address of Bondly’s owner via an owner transfer operation.
The latest exploit follows a string of attacks targeted at decentralized finance (DeFi) protocols.