Bondly's postmortem says an attacker compromised corporate wallets and gained control of Bondly token and NFT assets after accessing a password account tied to CEO Brandon Smith's hardware wallet recovery phrase. The attacker transferred 373,088,023 BONDLY from the staking rewards contract, minted 200,460,000 zenBONDLY on MANTRA DAO ZENTEREST, borrowed and removed other cryptoassets, and compromised Bondly wallets across Ethereum, Binance Smart Chain, and Polygon. Bondly also reported stolen Uniswap LP tokens, transfer of ecosystem contract ownership to an attacker proxy, and 501 ETH sent to Tornado Cash. The company response included warning users to stop trading BONDLY, remove DEX liquidity, investigate Brandon Smith's wallet access, and redeploy the token contract.