{"id":14159,"date":"2021-12-03T16:50:36","date_gmt":"2021-12-03T11:20:36","guid":{"rendered":"https:\/\/zebpay.com\/?p=14159"},"modified":"2021-12-03T16:50:36","modified_gmt":"2021-12-03T11:20:36","slug":"badger-daos-120m-hack","status":"publish","type":"post","link":"https:\/\/zebpay.com\/in\/blog\/badger-daos-120m-hack","title":{"rendered":"Badger DAO\u2019s $120M hack"},"content":{"rendered":"<p>On 1st December, <a href=\"https:\/\/app.badger.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Badger DAO<\/a> fell victim to a deadly hack that stole up to $120 million of users\u2019 funds. What\u2019s most surprising is the simplicity with which the hackers pulled this stunt off.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-badger-dao\"><span class=\"ez-toc-section\" id=\"What_is_Badger_DAO\"><\/span>What is Badger DAO?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Badger DAO is a Decentralized Autonomous Organization that enables investors to use Bitcoin as collateral across DeFi applications. The DAO has a governance token called BADGER, which is an ERC-20 token. 
The token is used for exercising voting power and for claiming rewards from the community wealth.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/9IPGs246_7WYVRm0AAm8SGQuh7nma3ELfoepYS94iNOGTPM80ctI6iGZFlCrsOLxw0E9gwWXIvUKlJ-kS14saOd5Im-TFyPPEVGTLvluB56NqPADpVosRgLqQ10dBl3IxBhS8p2i\" alt=\"\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-went-down\"><span class=\"ez-toc-section\" id=\"What_went_down\"><\/span>What went down?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The hackers injected a malicious script into the UI of the website. Users who interacted with this script while it was live fell victim to the hack. It intercepted Web3 transactions and inserted a push request to transfer the funds straight to the hacker\u2019s address.<\/p>\n\n\n\n<p>One transfer stood out, in which a user\u2019s 896 Bitcoin worth $50 million was stolen and deposited. The total loss stands at $120.3 million \u2013 2.1k Bitcoin and 151 Ether.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Here is the current whereabouts as well as the total loss: $120.3M (with ~2.1k BTC + 151 ETH)  <a href=\"https:\/\/twitter.com\/BadgerDAO?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">@BadgerDAO<\/a> <a href=\"https:\/\/t.co\/fJ4hJcMWTq\" target=\"_blank\">pic.twitter.com\/fJ4hJcMWTq<\/a><\/p>&mdash; PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1466356911842856967?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">December 2, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The hack was extremely transparent and took place in plain sight. 
The script had been live since 2015 at random intervals, to avoid raising suspicion or attracting attention.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-badger-s-response\"><span class=\"ez-toc-section\" id=\"Badgers_response\"><\/span>Badger\u2019s response<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Badger jumped into action when it detected the attackers\u2019 activity. However, it was very late to do so, as the script had been live for more than 20 days. It immediately froze the platform, halted all smart contracts and warned users to decline all transactions.<\/p>\n\n\n\n<p>Badger is working alongside blockchain security and data analytics firm PeckShield to investigate the heist. Additionally, it is working with data forensics experts Chainalysis to explore the full scale of the incident. It is also cooperating and complying with the US &amp; Canadian authorities.<\/p>\n\n\n\n<p>One of the central questions is how the hackers managed to access Cloudflare via an API key. This was supposed to be secured with 2-factor authentication. The hackers have hit the protocol where it hurts most and where it\u2019s most vulnerable \u2013 the older web 2.0 technology.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-will-happen-to-the-funds\"><span class=\"ez-toc-section\" id=\"What_will_happen_to_the_funds\"><\/span>What will happen to the funds?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>As of now, there are no developments or clarity on whether the funds have been recovered or not. 
However, in principle, crypto transactions are irreversible in nature.<\/p>\n\n\n\n<p>As a consequence of the hack, the BADGER token has plummeted by 20% from a daily high of $29 to $22.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-concluding-thoughts\"><span class=\"ez-toc-section\" id=\"Concluding_Thoughts\"><\/span>Concluding Thoughts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Ensure that your funds are stored in a safe place and research what security measures and protocols are in place.<\/p>\n\n\n\n<p><a href=\"https:\/\/zebpay.com\/security\/#:~:text=At%20ZebPay%2C%20Security%20Is%20Everything,trade%20cryptos%2C%20stress%2Dfree.\" target=\"_blank\" rel=\"noreferrer noopener\">At ZebPay, security is of paramount importance<\/a>. We invest in top-tier technology to maintain the security of your wallets and trades. For wallet security, we partner with <a href=\"https:\/\/www.bitgo.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BitGo<\/a>, the global leader in digital asset custody, providing $100 million of insurance to protect our members. To maintain the integrity of our blockchain transactions, we partner with <a href=\"https:\/\/www.chainalysis.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Chainalysis<\/a>, who provide blockchain data and analysis to government agencies, exchanges, and financial institutions across 40 countries for compliance and investigation.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/fu0WF6Sskn3QnPPkWB8mZHyMpmmAQJ_378KkS_h8TAWy5iwW8lLgeem9zJ3UHHdM5tiiPh4_7qKUER0xFHD2v3v4q10cj9dO_VPZG0Otky9TLB4OH4YdFxTihVgpIXEKnjg-AWOm\" alt=\"\"\/><\/figure>\n\n\n\n<hr class=\"wp-block-separator is-style-dots\"\/>\n","protected":false},"excerpt":{"rendered":"<p>On 1st December, Badger DAO fell victim to a deadly hack that stole up to $120 million of users\u2019 funds. 
What\u2019s most surprising is the simplicity with which the hackers pulled this stunt off. What is Badger DAO? Badger DAO is a Decentralized Autonomous Organization that enables investors to use Bitcoin as collateral [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14160,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_ayudawp_aiss_exclude":false,"footnotes":""},"categories":[14],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts\/14159"}],"collection":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/comments?post=14159"}],"version-history":[{"count":0,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/posts\/14159\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/media\/14160"}],"wp:attachment":[{"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/media?parent=14159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/categories?post=14159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zebpay.com\/in\/wp-json\/wp\/v2\/tags?post=14159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}