Last update: Feb 25, 2023
On Dec 15, 2022, BonqDAO launched on Polygon as a zero-interest lending protocol with a native stable coin -BEUR. Over the next 6 weeks, things were looking good. BEUR was stable, the protocol generated cashbacks for BNQ (a native utility token on the Bonq protocol) stakers, and over 80% of BNQ in circulation were staked. On Jan 31, 2023, BonqDAO was listed in top 20 by TVL on Polygon on DeFi Llama. This proved that the initial mechanism design and the user interface were working as intended.
The next day, Feb 1, 2023, the protocol was attacked. The attacker was able to change the ALBT price feed (one of the whitelisted assets used as collateral), mint 100 million BEUR, change the ALBT price again, liquidate all ALBT into their trove, drain the protocol’s liquidity on Uniswap and redeem other collateral in the remaining troves.
The attack was possible because of the bad technical implementation of the protocol, specifically the smart contract that reads the ALBT price from an on-chain oracle. The contract was badly written, was not properly tested and was not audited.
This situation happened because the governance of BonqDAO was centralized. One trusted person (the CTO) was in charge of writing the code, testing, auditing and deployment.
In order to overcome this crisis and succeed in the future, BonqDAO has to change its governance and its business model.
The roles of the CTO and the Chief Security Officer have to be separated and elected via a vote by the BNQ token holders. Any major updates to the protocol (like a release of a completely new version) have to be approved by the DAO executive committee, not by just one person. The number of executive committee members has to be increased and they have to be elected by BNQ token holders.
The initial success of BonqDAO’s lending protocol was in great part due to the strong support we received from the Alliance Block community. However, after the attack, this support is no longer there, which in the short-term makes it harder for Bonq to compete with any of the existing lending protocols that never got hacked unless there’s another community willing to use Bonq. Therefore, within the next 6 months, zero-interest lending is no longer an option, unless we find new partners.
But the vision for Bonq was never to just be another lending protocol. The uniqueness of Bonq came from offering premium services to its users in exchange for monthly subscriptions, which would accumulate in the cashback pool for BNQ stakers. These premium features can be the initial drivers of BonqDAO’s future success and the ability to create utility for BNQ.
Premium services will allow Bonq users to automatically manage their assets, leverage positions and optimize their yields. Those automations which initially were designed to be integrated with the Bonq lending protocol will be offered multi-chain to other lending protocols such as Aave, Compound or Mai, Yeti, and Liquity zero-interest protocols. Users will pay a monthly subscription and all the fees will be channeled to the BNQ cashback pool, so users staking BNQ would be able to use the services for free. This mechanism would be similar to Bonq 1.0 cashbacks, but now users can use cashbacks to pay back their loans on any lending platform integrated with Bonq.
This business model will add value to end users of the existing DeFi protocols as well, so we can expect new BNQ holders coming from these communities.
Implementing this vision will not be easy and will not happen overnight. Before the attack, BonqDAO was in the middle of a quite successful funding round, which for obvious reasons didn’t materialize. Therefore after restructuring, BonqDAO will restart the fundraising process.
Urgently, BonqDAO needs to recruit a new CTO in charge of putting together a development team as well as a new Chief Security Officer who oversees and approves any new technology developed and deployed by the DAO from a cybersecurity point of view. The DAO will also appoint new executive members, recruited from the community and approved by the BNQ holders. There should be 5 executive members in total, so that a majority requires 3 people, and not just 2 like it is right now.
BonqDAO needs to update its governance and business model. It has to immediately become much more decentralized, both in terms of governance and solutions. This would create opportunities for creating strong utility for BNQ tokens.
The immediate next steps will include:
BNQ airdrop to all wallets affected by the attack. Based on the current estimates, the DAO will distribute around 100 million BNQ, or 10% of the total supply to the users. It will mean that the Bonq community will have the overwhelming (over 90%) majority of BNQ eligible DAO voting tokens. BonqDAO founders have not vested any tokens yet and they all returned their BNQ claims back to the DAO. Therefore, founders hold no BNQ at the moment, so will not participate in the voting.
Over the next two weeks, BonqDAO will have a series of votes to determine the next steps, the implementation of the business model and the election of its executive members. Here are the votes that BNQ will be able to cast:
“Do you want BonqDAO to continue or do you want it to stop operations and be dissolved?” Vote: Continue or Dissolve
“Do you want BonqDAO to implement the Bonq 2.0 recovery plan?” (The plan described in this document). Vote: Yes or No
“Do you want Delia Sabau to remain a BonqDAO member or resign?” Vote: Remain or Resign
“Do you want Michal Bacia to remain a BonqDAO member or resign?” Vote: Remain or Resign
In the voting process, it will be the BNQ holders who will determine the next steps for BonqDAO. Once the community votes and the votes are validated, we will start sharing implementation plans based on the path the community decides to take.
Yesterday, on February 24, BonqDAO completed the BNQ airdrop. In total, around 85 million BNQ was sent to all wallets affected by the attack. Next, on Monday, February 27, the community vote will start and voting will be open until Sunday, March 5.
After the recent discussions with the BNQ community, we’d like to clarify that BonqDAO is not intending to abandon the lending protocol or the stablecoin. We just wanted to be clear that re-launching the stablecoin won’t be easy. At the same time, a non-custodial, decentralized stablecoin pegged to EUR might be more relevant than ever in light of the recent regulatory developments in the US (the “regulation by enforcement” by the SEC targeting $ pegged stablecoins) and in the EU (Markets in Crypto-Assets, MiCA, Regulation emphasizing the role of DeFi and EUR pegged stablecoins).