Unknown hackers stole $ 120 million from BadgerDAO

Unknown attackers stole about $ 120 million from the BadgerDAO DeFi project (in Bitcoin and Ether). At the same time, the attack was not related to smart contracts and complex vulnerabilities, but to the BadgerDAO infrastructure, the Cloudflare account, and the BadgerDAO CDN.

The developers of BadgerDAO officially confirmed the hack on their Twitter account, reporting “unauthorized withdrawal of users’ funds.” BadgerDAO systems are currently offline and operations are suspended.

Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible.BadgerDAO developers reported.

According to blockchain analysts PeckShield, hackers stole cryptocurrencies worth about 2,100 BTC ($ 118,500,000) and 151 ETH ($ 679,000). Researchers say that just one user lost more than 900 bitcoins, or approximately $ 50.5 million.

News sites including Coinspeaker, CryptoBriefing and CryptoSlate cite Discord Badger users claiming that attackers used a vulnerability in the platform’s user interface to gain access to other people’s accounts and withdraw funds. BadgerDAO representatives do not comment on these theories in particular and what is happening in general.

Matthew Green
Matthew Green

The Vice Motherboard even reports that when interacting with BadgerDAO using the Metamask wallet, users encountered suspicious requests for rights. Users drew attention to this only when funds from their wallets began to disappear, and BadgerDAO “suspended” all smart contracts.

The experts the reporters spoke to speculate that someone injected malicious script into the BadgerDAO interface after the API key for the BadgerDAO Cloudflare account was compromised.

The details of this attack should be expected to be released soon, as the BadgerDAO hack has already attracted the attention of security professionals. For example, Matthew Green, renowned researcher and professor of cryptography and computer science at Johns Hopkins University, tweeted:

It’s funny how little computer security people know about the [decentralized application] ecosystem. It’s like they’re living in a hotel from The Shining and have no idea what’s going on in room 237.

Let me remind you that we also reported that attackers stole $ 600 million from the Chinese DeFi platform Poly Network.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button