3 December 2021

Hackers steal over $120 million in crypto from DeFi project BadgerDAO


Hackers steal over $120 million in crypto from DeFi project BadgerDAO

A blockchain-based decentralized finance (DeFi) platform BadgerDAO has paused all smart contract activity after a hacker (or a group of hackers) has stolen funds from multiple cryptocurrency wallets connected to BadgerDAO.

According to blockchain security firm PeckShield, which discovered the security breach, the various tokens stolen in the hack are worth $120.3 million. PeckShield says that the attackers managed to steal more than 2,100 Bitcoin and 151 Ether from Badger user accounts. Furthermore, the security firm said that one user alone lost more than 900 Bitcoin (over $51 million).

After PeckShield disclosed the theft, BadgerDAO said that it is investigating the hack.

“Badger has received reports of unauthorized withdrawals of user funds.As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.Our investigation is ongoing and we will release further information as soon as possible,” Badger wrote in a tweet.

It is unclear when smart contract activity will be resumed.

“Badger has retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own,” the company added.

A member of the BadgerDAO support team, known as Kryptobi, told Motherboard that it appears that someone injected a malicious script into BadgerDAO’s frontend after compromising an API key for BadgerDAO’s Cloudflare account. A core team member of the Badger team, who goes by Jonto, has confirmed this information.

“The malicious script basically tricked people into giving the address rights to send the tokens to the exploiter address,” Jonto said.


Back to the list

Latest Posts

The story of the four bears: Brief analysis of APT groups linked to the Russian government

The story of the four bears: Brief analysis of APT groups linked to the Russian government

In “The Four Bears” series we will tell you about the APT groups known as Fancy Bear, Cozy Bear, Voodoo Bear, and Berserk Bear.
17 January 2022
Cybersecurity year in review: Most notable APT hacks of 2021

Cybersecurity year in review: Most notable APT hacks of 2021

In 2021 nation-state actors somewhat faded into the background, but they still pose a significant threat.
17 January 2022
Hackers put up for sale data of 2M ONUS customers after the company refused to pay $5 million ransom

Hackers put up for sale data of 2M ONUS customers after the company refused to pay $5 million ransom

The attackers exploited the Log4Shell vulnerability on ONUS’ Cyclos server to plant backdoor and exfiltrate data.
30 December 2021