Over US$120 million has been stolen from multiple cryptocurrency wallets connected to BadgerDAO
Multiple cryptocurrency wallets linked to BadgerDAO, a decentralized finance platform, have suffered unauthorized withdrawals. BadgerDAO has reported this to customers and announced an investigation into the matter, with all further withdrawals put on hold until further notice.
PeckShield, a blockchain security company, has been working with BadgerDAO to investigate the attack. It claims over US$120 million (~€106 million) has been stolen, including 151 ethereum and approximately 2,100 bitcoins, with almost 900 of those bitcoins coming from just one account.
According to users of the platform, the hack resulted from a malicious script exploiting the website's UI. They believe that the script intercepted transactions made on the website by customers, giving the hacker's address permission to transact from their vaults. BadgerDAO users also speculate that the hack was made possible by weak two-factor authentication, which allowed the bad actor to access its Cloudflare API.
Alongside PeckShield, BadgerDAO has also been working with a data forensics company, Chainalysis, and authorities in the US and Canada. The BadgerDAO community has recommended that users of the platform use tools like Unrekt and DeBank to ensure any permissions granted during the attack are revoked so that they can safely continue to use the site.
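
A wallet-side check for the kind of interception users describe above, written as an added example and not code from BadgerDAO or the tools named in this article. It assumes the granted permissions are ERC-20 allowances set through approve or increaseAllowance, which the article does not specify; all addresses and calldata are constructed.

```python
# Added example: constructed data, not taken from the BadgerDAO incident.
APPROVE = "095ea7b3"             # selector of approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"  # selector of increaseAllowance(address,uint256)
MAX_UINT256 = 2**256 - 1

def _strip0x(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def decode_allowance_call(calldata):
    """Return (kind, spender, amount) if the calldata grants an allowance, else None."""
    data = _strip0x(calldata)
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, INCREASE_ALLOWANCE) or len(args) != 128:
        return None
    # Two 32-byte words; an address sits in the low 20 bytes of the first word.
    if args[:24] != "0" * 24:
        return None  # malformed address padding
    kind = "approve" if selector == APPROVE else "increaseAllowance"
    return kind, "0x" + args[24:64], int(args[64:], 16)

def review(calldata, trusted_spenders):
    """Classify a transaction a web UI asks the wallet to sign.

    trusted_spenders is a set of lowercase addresses the user expects
    (hypothetical allowlist, e.g. the platform's published vault contracts).
    """
    decoded = decode_allowance_call(calldata)
    if decoded is None:
        return "not-an-allowance"
    kind, spender, amount = decoded
    if kind == "approve" and amount == 0:
        return "revocation"
    if spender not in trusted_spenders:
        return "BLOCK: allowance to unknown spender " + spender
    if amount == MAX_UINT256:
        return "WARN: unlimited allowance to " + spender
    return "ok"

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), which clears an existing allowance."""
    return "0x" + APPROVE + _strip0x(spender).rjust(64, "0") + "0" * 64

# Constructed sample values.
TRUSTED = {"0x" + "11" * 20}
UNKNOWN = "0x" + "ab" * 20
INJECTED = "0x" + APPROVE + "0" * 24 + "ab" * 20 + "f" * 64

if __name__ == "__main__":
    print(review(INJECTED, TRUSTED))
    print(revoke_calldata(UNKNOWN))
```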