Badger DAO loses $10 million in hacker attack

BadgerDAO is a well-known DeFi protocol that allows Bitcoin to be used on Ethereum and other blockchains. Now Badger has fallen victim to a hack. The prominent player in decentralized finance has lost around $10 million in various cryptocurrencies from its yield vault protocol, CoinDesk reports.

Badger user interface vulnerability?

The first report of possible problems surfaced last night in the protocol's Discord group. Currently, there is speculation in the community that the hack was caused by a vulnerability in the user interface and not in the core protocol.

Users affected by the hack noticed that their wallets were asking for additional permissions when claiming yield farming rewards and interacting with Badger vaults. A Badger employee wrote on Discord:

It looks like a number of users had permissions set on the exploit address that allowed [the address] to work with their vault funds, and that was exploited. As soon as we noticed that, we froze all the vaults so nothing could move. We’re trying to figure out where the permits came from, how many people have them, and what the next steps are.


The team also confirmed the security breach on Twitter:

Badger has received reports of unauthorized withdrawals of user funds. While our engineers investigate it, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release more information as soon as possible.

Much of the money was withdrawn yesterday

According to insiders, the hacker or hackers withdrew 136,000 cvxCRV, 185 WBTC, 64,000 veCVX, and various forms of Synthetic and Vaulted Bitcoin totaling more than $10 million from the affected wallets. Although the suspicious permissions may have been requested weeks before the attack, most of the money was withdrawn last night.

Contracts have been paused, but community members recommend depositors use Debank, Unrekt, or a similar tool to revoke the malicious entity’s permissions.
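
The revocation advice above can be checked by hand. As an added example (not from the article or from Badger), and assuming the permissions in question are standard ERC-20 allowances, this Python code replays Approval event logs to find allowances still open to a spender outside a hypothetical allowlist and builds the `approve(spender, 0)` calldata that revokes one. All addresses and log entries are constructed sample data.

```python
# Added example: audit ERC-20 Approval logs for outstanding allowances.
# Every address and log entry below is constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED = 2**256 - 1

TOKEN = "0x" + "11" * 20
OWNER = "0x" + "aa" * 20
VAULT = "0x" + "bb" * 20      # spender the user expects (hypothetical allowlist entry)
UNKNOWN = "0x" + "cc" * 20    # spender the user does not recognise

def pad(addr):
    """Left-pad a 20-byte address to a 32-byte indexed topic."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def log(block, idx, spender, value):
    """Build a constructed log entry shaped like an eth_getLogs result."""
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    log(100, 0, VAULT, 5 * 10**18),
    log(120, 3, UNKNOWN, UNLIMITED),
    log(130, 1, VAULT, 0),  # the owner later revoked the vault approval
]

def outstanding_allowances(logs):
    """Return {(token, owner, spender): value} from the latest Approval per triple."""
    latest = {}
    for entry in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics = entry["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic hash but has 4 topics
        owner, spender = ("0x" + t[-40:].lower() for t in topics[1:])
        latest[(entry["address"].lower(), owner, spender)] = int(entry["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def flag_unexpected(logs, trusted_spenders):
    """List ((token, owner, spender), is_unlimited) for spenders not on the allowlist."""
    trusted = {s.lower() for s in trusted_spenders}
    return [(k, v == UNLIMITED) for k, v in outstanding_allowances(logs).items()
            if k[2] not in trusted]

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64
```

Approval logs record the last amount approved, not what remains after the spender has moved tokens, so the token contract's `allowance(owner, spender)` call is the authoritative value before and after a revoke.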

BADGER is the native governance token of BadgerDAO. It is an ERC-20 token with a fixed maximum supply of 21 million. It is currently traded on Ethereum, Binance Smart Chain, and Polygon blockchains and will soon be supported by Fantom. At the time of writing, BADGER has lost about 15% on the day and costs $22.50 per token.

The most popular hacks

While $10 million is a big loss by anyone’s standards, it pales in comparison to attacks on BitGrail in 2018 ($146 million) and KuCoin in 2020 ($281 million). Not to mention Japanese exchange Mt. Gox, which was dissolved after $450 million was withdrawn in 2014.