BadgerDAO explains details of how it got hacked for $120 million and said in application platform which runs on the cloud network that was the vector for the attack as we can see more in today’s cryptocurrency news.
In a blog post, DeFi platform BadgerDAO Explains details of how it was exploited for $120 million and said that a phishing incident that occurred was caused by a maliciously injected snippet from Cloudflare which is an application that runs on Badger’s cloud network. The hacker used a compromised API key that was created without the knowledge or authorization of Badger engineers to inject the fraudulent code which affected a subset of the customers.
The hacker stole $130 million in funds but about $9 million of that was recoverable because of the funds that were transferred by the hacker but haven’t withdrawn from Badger’s vaults. Badger since patched the Cloudflare exploits and updated Cloudfare’s account password and deleted the API keys where possible. Badger hired cybersecurity company Mandiant and blockchain analysis firm Chainalaysis to investigate the exploit and was working with both companies as well as the authorities in Canada and US to recover the funds if possible.
As recently reported, The on-chain data suggests that the biggest victim from the hack was a wallet that belonged to Celsius Network, a well-known crypto lending firm. It seems that the crypto lending company was affected heavily by the attack as Celsius Network lost $50 million worth of wrapped bitcoin. The reports show how the hackers managed to steal around $120 million from BadgerDAo which is a decentralized autonomous organization that allows users to put Bitcoin as collateral across Defi applications.
The attacker compromised the DAO’s front end and the team Is now working to investigate the exploit with the help of blockchain forensic experts from Chainalysis. A few users were complaining about getting a few unusual requests for additional permissions in their accounts so the attackers managed to add a script to the frontend which tricked users to provide access to the hacker and drain their wallets. Engineers from BridgerDao suspended all smart contracts to prevent more withdrawals while the analysts from Chainalysis continues with the investigation of the incident. The amount stolen was estimated to be around $100 million but the latest data shows that the total losses reached $120 million.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post