Badger DAO’s $120M hack

On 1st December, Badger DAO fell victim to a deadly hack that stole up to $120 million of users funds. What’s most surprising is the simplicity by which the hackers have pulled this stunt off.

What is Badger DAO?

Badger DAO is a decentralized Autonomous Organization that enables investors to use Bitcoin as a collateral across DeFi applications. The DAO has a governance token called BADGER that is an EC-20 token. The token is used for exercising voting power and for claiming rewards of the community wealth.

What went down?

The suspect group of hackers input a malicious script into the UI of the website. Those users who interacted with this script while it was live, were a victim to the hack. It intercepted the Web3 transactions and inserted a push request to transfer the funds straight to the hacker’s address. 

One transfer stood out wherein the user’s 896 Bitcoin worth $50 million was stolen and deposited. The total hack stands at $120.3 million – 2.1k Bitcoin and 151 Ether. 

The hack was extremely transparent and in plain sight. The script had been live since 2015 in random intervals, to prevent any suspicion or attracting attention. 

Badger’s response

Badger jumped to action when it detected the attackers’ activity. However it was very late to do so as the script was live for more than 20 days. It immediately froze the platform, halted all smart contracts and warned users to decline all transactions. 

Badger is working alongside blockchain security and data analytics, Peckshield to investigate the heist. Additionally, it is working with data forensics experts Chainalysis to explore the full scale of the incident. It is also doing the needful to cooperate and comply with the US & Canada authorities. 

One of the main crux points is how the hackers managed to access Cloudflare via an API key. This was to be secured with 2-factor authentication. The hackers have hit the protocol where it hurts most and where it’s most vulnerable – the older web 2.0 technology. 

What will happen to the funds?

As of now, there are no developments or clarity on whether the funds have been recovered or not. However by principle, crypto transactions are irreversible in nature. 

As a consequence of the hack, BADGER token has plummeted by 20% from a daily high of $29 to $22. 

Concluding Thoughts

Ensure that your funds are stored in a safe place and research what security measures and protocols are in place.

At ZebPay, security is of paramount importance. We invest in top tier technology to maintain the security of your wallets and trades. For wallet security, we partner with BitGo, the global leader in digital asset custody, providing $100 million of insurance to protect our members.To maintain the integrity of our blockchain transactions, we partner with Chainalysis, who provide blockchain data and analysis to government agencies, exchanges, and financial institutions across 40 countries for compliance and investigation.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Each investor must do his/her own research or seek independent advice if necessary before initiating any transactions in crypto products and NFTs. The views, thoughts, and opinions expressed in the article belong solely to the author, and not to ZebPay or the author’s employer or other groups or individuals. ZebPay shall not be held liable for any acts or omissions, or losses incurred by the investors. ZebPay has not received any compensation in cash or kind for the above article and the article is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information.

ZebPay Weekly

Subscribe for latest crypto news & stay updated!

    Start Trading Now