BadgerDAO, a DeFi protocol for earning yield with tokenized Bitcoin on Ethereum, has fallen victim to an attack.
What Happened
DeFi protocol BadgerDAO has fallen victim to a large hack. According to security researchers PeckShield, $120.3 million was stolen from users of the protocol. Apparently a hacker added a malicious script to the protocol’s frontend website, prompting users to approve a smart contract transaction giving the script unlimited permission to drain funds from their wallets. Many of the tokens represent assets held in a vault, meaning they can be redeemed for multiple tokens with varying values, which makes it harder to total the amount of funds stolen.
Decentralized finance (DeFi) systems rely on blockchain technology to let crypto owners perform more typical finance operations, for example earning interest via lending. BadgerDAO says that users can “rest easy knowing you never have to give up the private keys for your crypto, you can withdraw anytime you like, and our team is working day and night to put your assets to work”. The protocol allows people who have Bitcoin to “bridge” their cryptocurrency over to the Ethereum platform via its token, as well as take advantage of DeFi opportunities they never had before.
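An added example, not from BadgerDAO or the original article: a check that a wallet or monitoring tool could run on transaction calldata before signing, to surface token approvals like the one the injected script requested. The addresses, the trusted-spender list and the 2^255 threshold are assumptions made for illustration, and the check also covers `increaseAllowance`, which the article does not mention.

```python
# Added example: flag risky ERC-20 allowance requests in raw calldata.
# Addresses, allowlist and threshold are constructed assumptions.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # OpenZeppelin extension, same argument layout
}
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this counts as unlimited


def decode_allowance_call(calldata):
    """Return (function, spender, amount), or None if not an allowance call."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("expected two 32-byte arguments")
    spender_word, amount_word = args[:64], args[64:]
    if int(spender_word[:24], 16) != 0:
        raise ValueError("address word has non-zero padding")
    return name, "0x" + spender_word[24:], int(amount_word, 16)


def review(calldata, trusted_spenders):
    """Return findings a wallet or monitor should surface before signing."""
    decoded = decode_allowance_call(calldata)
    if decoded is None:
        return []
    _, spender, amount = decoded
    findings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append("unknown-spender")
    if amount >= UNLIMITED_THRESHOLD:
        findings.append("unlimited-allowance")
    return findings


def build_call(selector, spender, amount):
    """Build constructed sample calldata for the checks above."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


VAULT = "0x" + "11" * 20    # constructed placeholder for an expected spender
UNKNOWN = "0x" + "22" * 20  # constructed placeholder for an unexpected spender

if __name__ == "__main__":
    print(review(build_call("095ea7b3", UNKNOWN, 2**256 - 1), [VAULT]))
    print(review(build_call("095ea7b3", VAULT, 10**18), [VAULT]))
```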
Quotes
“Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible,” Badger wrote in a tweet.
“It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds and that was exploited,” Badger core contributor Tritium wrote on Discord. Tritium added that once the problem was identified, they froze all vaults to prevent the movement of funds, while “trying to figure out where the approvals came from, how many people have them, and what next steps are.”
“Badger has retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own,” the company added.