The BadgerDAO protocol was allegedly mined, with initial estimates showing the amount stolen at around $120.3 million, according to security researchers PeckShield.
DeFi protocol BadgerDAO exploited for $120 million in front-end attack
BadgerDAO is a DeFi protocol focused on providing yield for Bitcoin. The idea is that you bridge your bitcoin over onto a smart contract platform like Ethereum, as wrapped bitcoin, which you can then use within DeFi applications. BadgerDAO provides a variety of vaults where users can park their wrapped bitcoin and earn yields depending on the yield generation strategies used by the vaults.
The attack, which was made public at about 2 a.m. UTC on Dec. 2, targeted the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107.
FYI, nasty frontend attack on Badger, looks like ~10m taken out of people’s wallets using rug approval. If you’ve interacted with anything badger related in last few weeks, check and revoke asap https://t.co/vJPMmBZ3af
— Spreek (@spreekaway) December 2, 2021
“Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals,” BadgerDAO tweeted today, confirming the exploit.
Badger has received reports of unauthorized withdrawals of user funds.
As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.
Our investigation is ongoing and we will release further information as soon as possible.
— ₿adgerDAO ? (@BadgerDAO) December 2, 2021
PeckShield documented the variety of assets stolen in the hack, which range from tokens like wrapped bitcoin (WBTC) and convex finance (CVX) to more complicated tokens like “ibbtc/sbtcCRV-f.” Many of the tokens represent assets held in a vault, meaning they can be redeemed for multiple tokens with varying values — making it harder to total the number of funds stolen. One user had around 900 bitcoin ($50.8 million) worth of tokens stolen in a single transaction. Another lost $5 million worth of tokens in one go.
Users have complained about receiving suspicious requests for additional permissions while operating their accounts on the platform. Soon after, the project confirmed that it had received numerous reports of unauthorized withdrawals of user funds.
Its engineers have started an investigation and have paused all smart contracts in the meantime to prevent further withdrawals. However, Badger failed to provide more details on the precise amount stolen or which parts of its operations were affected.
While protocols like BadgerDAO are decentralized and can be interacted with directly, it requires specialized knowledge to do so. Most users will use a front end like the BadgerDAO website (although alternative front ends can be used). But this does have an element of risk: if the front end gets comprised, as in this case, then it can lead to loss of funds.
BADGER/USD 4-hour chart | Source: TradingView
BADGER is down 15% to $22.3 at the time of writing.
Sign up for a Binance account here (Discount 10% trading fees): https://accounts.binance.com/en/register?ref=29171587
Read more:
- Continuing The Drama, Johnny Dang & Co. On Google Is Rated 1-Star, Wiki Information Was Edited To A Scammer
- A Vietnamese YouTuber Accused Johnny Dang, Founder Of Diamond Boyz Coin (DBZ), Of Scamming $1.5 Million