New $BONDLY Token Redeployment Guide

Introduction

Following the July 14th incident in which the $BONDLY token contract was acquired by an unknown Attacker, we are redeploying a new token contract which will provide all $BONDLY holders who held the token prior to the attack with a replacement, or new, $BONDLY. This will invalidate the Attacker’s stolen $BONDLY tokens.

Though the original token contract was never exploited, we have had two independent auditors assess the new token contract and added additional layers of security, to ensure an incident like this can never happen again. We want to assure our token holders that we have taken every precaution to ensure the integrity of the contract and our token going forwards.

Launch Date

The redeployment will commence at (4:30pm UTC August 29th) and the claims website URL will be announced to the community in due course. Token holders will have a minimum of 24 hours notice prior to redeployment to ensure they are prepared. By controlling the timing of the claims website URL announcement we are attempting to avoid malicious websites being launched by bad actors. Please continue to monitor our community channels for updates.

Same Name. New Token. New Contract.

Our new $BONDLY token will continue to have the same name, but will have a new smart contract across all 3 networks: Ethereum, BSC and Polygon.

ETH TOKEN ADDRESS:

0x91dfbee3965baaee32784c2d546b7a0c62f268c9

BSCTOKENADDRESS:

0x5D0158A5c3ddF47d4Ea4517d8DB0D76aA2e87563

MATIC TOKEN ADDRESS:

0x64ca1571d1476b7a21c5aaf9f1a750a193a103c0

The original $BONDLY tokens are being replaced and will therefore no longer have utility within our ecosystem or those of our partners; we strongly recommend you remove the token from your wallets to avoid confusion.

There are no material changes to the tokenomics of the new token, as it is simply replacing the previous version.

Snapshot Timeframe for Token Redeployment

With a snapshot of all three blockchains impacted, Bondly and its independent auditors PARSIQ have identified the epoch (i.e. era of time within a blockchain network) before the attack began (Jul-15–2021 12:16:01 AM +UTC). The details of these snapshots are as follows:

Criteria for Claiming the New $BONDLY Token

All token holders with $BONDLY in their wallets or in one of the confirmed locations (see below) at the time of the relevant snapshot will be reimbursed 1-for-1 (i.e. direct replacement) with the new $BONDLY token

To prevent the Attacker from capitalizing a second time, Bondly cannot reimburse those who purchased $BONDLY tokens after the snapshot. The Attacker, for example, could have purchased tokens with the proceeds of the $BONDLY s/he stole thereby doubling the amount stolen. We have no way of knowing, of course, who the Attacker is, so the impact of the attack on Bondly would hurt the honest people in our community.

We recognize this is not what many in our community want to hear. We consulted with many third-party crypto experts and legal experts to find an alternative solution and unfortunately, the Bondly team was left with no other choice.

Compensation for Liquidity Pool $BONDLY Token Holders

Those who had $BONDLY in a Liquidity Pool (LP) at the time of the relevant snapshot will receive the value of their $BONDLY holding within that pool plus an additional 30% reward.

$BONDLY Locations Included in the Snapshot

Below are the locations included in the snapshot taken for the redeployment of the new $BONDLY token:

Bondly held on the following networks:

• Ethereum
• Polygon
• Binance Smart Chain

Ferrum staking (v1-v3) along with unclaimed rewards

MANTRA DAO staking, along with unclaimed rewards (includes amounts stuck in the eight (8) day waiting period)

MANTRA DAO ZENTEREST platform

Pancakeswap liquidity pools (LP):

• BNB-Bondly
• BUSD-Bondly

Quickswap liquidity pools (LP):

• Matic-Bondly
• USDT-Bondly

Uniswap liquidity pools (LP):

• Eth-Bondly
• USDT-Bondly

If Your $BONDLY was Held on a Centralized Exchange

We will be distributing the new $BONDLY tokens at a 1:1 ratio to each of the centralized exchanges holding $BONDLY at the time of the attack, determined by the exchange’s holdings according to our snapshot. How these tokens are then distributed is at the discretion of the exchange, and we recommend contacting their support team for clarity.

If Your $BONDLY was Held Elsewhere

Our claims website, once live, will inform you of your eligibility to claim your new $BONDLY tokens to eliminate any doubt. If you held $BONDLY at the time of the snapshot in a location that is not identified in this article, and that our claims website does not recognise, please submit a ticket on our customer service portal on our claims website.

How to Claim the New $BONDLY Token

Details on our token claims website will be released in the coming days in a step-by-step guide.

Gas Fees During the Claims Process

During the claims process token holders will be asked to pay gas fees to process the transaction. To help compensate our $BONDLY token holders for these costs we are allocating new $BONDLY tokens to each claimant to cover a portion of their gas fees as follows:

Ethereum network claims: 50 $BONDLY tokens

Polygon network claims: 10 $BONDLY tokens

BSC network claims: 10 $BONDLY tokens

Please note, these additional contributions will be automatically added to the total number of tokens you are eligible to claim on our claims website. Only claims transactions that take place on our claims site will be offered gas fee contributions.

Questions From Our Community

In this section we look to address further questions that have come from our community, and we’ll continue to keep it updated as more are asked.

How do I know which is the official website?

The official website to claim your new $BONDLY token will be announced on our official community channels, and will be part of the bondly.finance web domain. Any other new $BONDLY token claim website is not owned by Bondly and should be reported immediately.

What wallets are supported by the claims website?

Our token claims website will support MetaMask, Venly and any other wallets included within the WalletConnect list of supported applications found here.

If you held $BONDLY in a wallet not recognised by our claims website please contact our customer services team using the support application on our token claim website, providing your wallet address, and we will review your claim. This review will take a number of days to process.

Why do you need to redeploy your smart contract, rather than continue to use the ‘old’ $BONDLY token contract?

During the attack beginning 14th July the ownership of our token smart contract was transferred to a malicious wallet address. Without having any means of accessing the token smart contract there is too much risk that the attacker will continue to exploit the contract to the detriment of $BONDLY token holders. As a result we are deploying a new contract to replace the ‘old’ token contract, for the security and safety of our token holders.

Will there be any changes in the tokenomics?

There are no material changes to the tokenomics of the new token, as it is simply replacing the previous version.

I didn’t sell my old $BONDLY, does this impact my claim

No, only the amount of $BONDLY held at the time of the snapshot determines the amount you are now eligible to claim and not the amount held now.

I bought $BONDLY after the attack, why can’t I claim my new tokens now?

To prevent the Attacker from capitalizing a second time, Bondly cannot reimburse those who purchased $BONDLY tokens after the snapshot. The Attacker, for example, could have purchased tokens with the proceeds of the $BONDLY s/he stole thereby doubling the amount stolen. We have no way of knowing, of course, who the Attacker is, so the impact of the attack on Bondly would hurt the honest people in our community.

We recognize this is not what many in our community want to hear. We consulted with many third-party crypto experts and legal experts to find an alternative solution and unfortunately, the Bondly team was left with no other choice.

I used to hold $BONDLY before the hack but after the compromise I decided to sell them. Can I claim tokens now?

Yes if you held your $BONDLY at the time our snapshot was taken, immediately prior to the attack, you will remain eligible to claim the new token.

I use a hardware wallet (i.e. Ledger/Trezor wallet), will that make any difference?

No, you will still be eligible to claim your new $BONDLY tokens assuming you held these at the time of the attack. You will need to connect your hardware wallet to MetaMask or another compatible wallet platform to undertake the claims process on our dedicated website.

I used a chain-swapping service with my $BONDLY tokens after the snapshot, will that affect me in any way?

No, the $BONDLY tokens held in your wallet on either Ethereum, BSC or Polygon at the time of the snapshot are the ones that will be counted and eligible for a 1–1 replacement with new $BONDLY tokens.

Do you have customer support? Where can I find it?

Our claims website has a dedicated help portal and if you aren’t able to find the support you need you can contact our support team directly on there.

When should I remove the old token? Before I claim or after I claim?

It makes no difference when, or if, you decide to remove or dispose of the ‘old’ $BONDLY token, as the snapshot is what determines the amount of new $BONDLY you are eligible to claim. The amount of the old token held in your wallet has no bearing on your eligibility to claim the new token.

What will happen to the ‘old’ $BONDLY token?

Bondly does not have the ability to remove or delete the ‘old’ token contract as ownership was transferred during the attack to a malicious wallet address.

Once I claim the new tokens, will my old $BONDLY disappear?

No, you will need to manually remove the old $BONDLY custom token from being visible in your wallet.

Is there a time limit for claiming my new tokens?

There is no limitation in time to claim your new tokens.

I saw a tweet from Bondly circulating saying that all token holders would be compensated, why is that not the case?

A twitter thread was published on 15th July from Bondly stating that Bondly will be reissuing its token to all holders who lost liquidity during the hack, as follows:

Update on token redeployment: Bondly will be reissuing its $BONDLY token to holders who lost liquidity during last night’s compromise. We’ll provide more details of the reissue shortly.

The thread continues:

We continue to recommend no further $BONDLY tokens are purchased until the redeployment. Meanwhile we want to reassure the community that we are working hard to uncover the cause of the compromise and will provide an update once more is known.

The community subsequently raised questions around the terminology of the phrase ‘holders who lost liquidity’, as they felt it implied that only those who had provided liquidity in decentralised exchanges would be compensated. A subsequent tweet was then published within the thread, that read

To clarify: all token holders will have new tokens issued as part of this redeployment.

The purpose of this tweet was to clarify that it was not just liquidity providers impacted by the attack who would be compensated, but that all those who held the token at the time of the attack would be compensated.

This tweet has since been frequently taken out of the context of the thread by community members to suggest that anyone who held $BONDLY before or since the attack would receive new tokens. This unfortunately is not, nor ever has been, the case and is a misinterpretation of the statement. The tweet was swiftly removed to avoid any further confusion.

We are sorry for the confusion caused by the tweet and immediately revised our comms strategy to ensure this didn’t happen again.