Bitcoin DeFi tool BadgerDAO hit by estimated $120 million hack

Bitcoin DeFi tool BadgerDAO hit by estimated $120 million hack


Decentralized autonomous organization BadgerDAO recently suffered a major exploit, and according to the current speculation the attack was executed via the DeFi protocol’s front-end.

Without revealing any details related to the attack, the team confirmed receiving reports of unauthorized withdrawals of user funds on Twitter, announcing it paused all smart contracts in order to halt further damage.

BadgerDAO leverages infrastructure that allows users to bridge their Bitcoin to other blockchains, thus enabling them to use it as collateral for earning yield in DeFi applications (Dapps).

Counting victims

While confirming that they have “received reports of unauthorized withdrawals of user funds,” the Badger team assured they are investigating the issue.

Badger has received reports of unauthorized withdrawals of user funds.

As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.

Our investigation is ongoing and we will release further information as soon as possible.

— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021

Meanwhile, PackShield listed the funds that were transferred out during the attack on Twitter, revealing brutal losses, crossing $120 million.

Here is the current whereabouts as well as the total loss: $120.3M (with ~2.1k BTC + 151 ETH) @BadgerDAO pic.twitter.com/fJ4hJcMWTq

— PeckShield Inc. (@peckshield) December 2, 2021

According to the blockchain security and data analytics company, one of the most affected users lost roughly 900 Bitcoin.

Front-end hack

Judging by the early user reports, the attack started on late Wednesday/early Thursday, and according to current speculation on the protocol’s official Discord channel, an API key for Cloudflare was compromised, which allowed the attacker to tamper with Badger’s front-end interface.

READ also :  Why the world’s largest museum is embracing NFT technology

From the @BadgerDAO discord, it looks like the hack took place via script injection through a Cloudflare API key.

Total present estimate of loss: $130m pic.twitter.com/PVChCEnQis

— Ram (@hiddentao) December 2, 2021

“It looks like a bunch of users had approvals set for the exploit address allowing it to operate on their vault funds and that was exploited,” wrote Badger core contributor Tritium on Discord, while clarifying how users were tricked into approving unwanted transactions.

The price of BADGER is down 14% ​​at the time of writing.

BADGER USD Chart on TradingView

The protocol was hit just days before marking a one-year anniversary.

CryptoSlate Newsletter

Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis

Price snapshots

More context

Join now for $19/month Explore all benefits


Recommended For You

About the Author: Crypto News

Leave a Reply

Your email address will not be published.