Bondly Finance Mint Key Compromise
Compromised deployer key let an attacker mint ~373M BONDLY (~$5.9M) and dump into liquidity, collapsing the token before the team migrated contracts.
- Date
- Victim
- Bondly Finance
- Chain(s)
- Status
- Partially Recovered
On July 15, 2021, Bondly Finance's deployer key was compromised and used to mint ~373M BONDLY, which the attacker dumped into liquidity for roughly $5.9M, collapsing the token. Bondly subsequently migrated to a new token contract with a holder snapshot.
What happened
BONDLY's mint authority sat on a single compromised key. The attacker minted a vast supply, sold it, and the token crashed; the team migrated to a new contract and snapshot-reimbursed legitimate holders.
Why it matters
Bondly is — once more — single-key unlimited mint authority (PAID Network, EasyFi, [Bondly]). 2021 produced a dense run of these because token projects launched fast with mint authority for "operational flexibility" and never renounced or multi-sig-gated it. The catalogue's most-repeated single sentence applies yet again: renounce or timelock+multisig mint authority — a single mint key is the highest-severity, easiest-to-check, most-ignored red flag in the entire dataset.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-bondly-finance-hack-july-2021
- [02]rekt.newshttps://rekt.news/bondly-finance-rekt