On 1st December, Badger DAO fell victim to a deadly hack that stole up to $120 million of users funds. What’s most surprising is the simplicity by which the hackers have pulled this stunt off.
What is Badger DAO?
Badger DAO is a decentralized Autonomous Organization that enables investors to use Bitcoin as a collateral across DeFi applications. The DAO has a governance token called BADGER that is an EC-20 token. The token is used for exercising voting power and for claiming rewards of the community wealth.
What went down?
The suspect group of hackers input a malicious script into the UI of the website. Those users who interacted with this script while it was live, were a victim to the hack. It intercepted the Web3 transactions and inserted a push request to transfer the funds straight to the hacker’s address.
One transfer stood out wherein the user’s 896 Bitcoin worth $50 million was stolen and deposited. The total hack stands at $120.3 million – 2.1k Bitcoin and 151 Ether.
The hack was extremely transparent and in plain sight. The script had been live since 2015 in random intervals, to prevent any suspicion or attracting attention.
Badger jumped to action when it detected the attackers’ activity. However it was very late to do so as the script was live for more than 20 days. It immediately froze the platform, halted all smart contracts and warned users to decline all transactions.
Badger is working alongside blockchain security and data analytics, Peckshield to investigate the heist. Additionally, it is working with data forensics experts Chainalysis to explore the full scale of the incident. It is also doing the needful to cooperate and comply with the US & Canada authorities.
One of the main crux points is how the hackers managed to access Cloudflare via an API key. This was to be secured with 2-factor authentication. The hackers have hit the protocol where it hurts most and where it’s most vulnerable – the older web 2.0 technology.
What will happen to the funds?
As of now, there are no developments or clarity on whether the funds have been recovered or not. However by principle, crypto transactions are irreversible in nature.
As a consequence of the hack, BADGER token has plummeted by 20% from a daily high of $29 to $22.
Ensure that your funds are stored in a safe place and research what security measures and protocols are in place.
At ZebPay, security is of paramount importance. We invest in top tier technology to maintain the security of your wallets and trades. For wallet security, we partner with BitGo, the global leader in digital asset custody, providing $100 million of insurance to protect our members.To maintain the integrity of our blockchain transactions, we partner with Chainalysis, who provide blockchain data and analysis to government agencies, exchanges, and financial institutions across 40 countries for compliance and investigation.