Unknown hackers stole $120 million from BadgerDAO
Unknown attackers stole about $120 million (in Bitcoin and Ether) from the BadgerDAO DeFi project. The attack was not related to smart contracts or complex vulnerabilities, but to the BadgerDAO infrastructure, the Cloudflare account, and the BadgerDAO CDN. The developers of BadgerDAO officially confirmed the hack on their Twitter account, reporting “unauthorized withdrawal of users’ funds.” BadgerDAO systems are currently offline and operations are suspended.
According to blockchain analysts PeckShield, hackers stole cryptocurrencies worth about 2,100 BTC ($118,500,000) and 151 ETH ($679,000). Researchers say that just one user lost more than 900 bitcoins, or approximately $50.5 million.
News sites including Coinspeaker, CryptoBriefing and CryptoSlate cite users of the Badger Discord who claim that attackers used a vulnerability in the platform’s user interface to gain access to other people’s accounts and withdraw funds. BadgerDAO representatives have not commented on these theories in particular or on what is happening in general.
Vice Motherboard also reports that users interacting with BadgerDAO through the MetaMask wallet encountered suspicious permission requests. Users noticed this only when funds began to disappear from their wallets and BadgerDAO “suspended” all smart contracts.
The experts the reporters spoke to speculate that someone injected a malicious script into the BadgerDAO interface after the API key for the BadgerDAO Cloudflare account was compromised.
Details of this attack are expected to be released soon, as the BadgerDAO hack has already attracted the attention of security professionals. For example, Matthew Green, renowned researcher and professor of cryptography and computer science at Johns Hopkins University, tweeted:
As a reminder, we also reported that attackers stole $600 million from the Chinese DeFi platform Poly Network.