Key takeaways:
- An exploit in decentralized protocol BadgerDAO’s website allowed attackers to steal more than $120 million worth of crypto assets
- The investigation into the perpetrators is ongoing; members of the BadgerDAO team believe someone inserted malicious code into their website
- Several BadgerDAO users took to Twitter to voice their frustration with BadgerDAO
BadgerDAO, a decentralized finance (DeFi) protocol that specializes in bringing Bitcoin (BTC) to DeFi, was a victim of a hacking attack that siphoned $120 million worth of digital assets from numerous cryptocurrency wallets connected to the platform.
Hackers made away with more than $120 million worth of Bitcoin and Ethereum
PechShiled, a blockchain security and data analytics company working with the BadgerDAO team to recover stolen crypto funds reported that roughly 2,100 BTC and 151 ETH, collectively worth $120.3 million, were siphoned in the attack.
BadgerDAO security team noticed a series of unauthorized withdrawals from the platform’s system on December 2 at 11:30 p.m. (EST). In response, the company immediately put all smart contract functionality on hold to prevent further unauthorized withdrawals of users’ funds from taking place.
At the moment, the investigation into the attack has born no tangible leads into the attackers’ identities. All that is known at the moment is the amount of funds that have been stolen and cryptocurrency wallets that were hit.
Several users that saw their funds disappear in the attack were obviously furious about the whole ordeal. One user wrote:
“I thought this shit was decentralized? Wtf? I have over 2.2 million dollars in badgers? Now no remove funds? Wtf? I have my entire@life savings a in badger coins wtf. Now no remove? Wtf?”
Another user shared his horror story in the Twitter thread:
“I’m feeling sick. Nearly 200k vanished. Please don’t let this be true!!”
The BadgerDAO team believes that the attack was made possible by a malicious script that the perpetrators put into the UI of the protocol’s website that intercepted user funds and sent them to attacker’s digital wallet. The company is reportedly running its own investigation, as well as “cooperating fully with external investigations.”
We can only hope that the attack on BadgerDAO turns out to be a white hack attack as was the case earlier in the year when an anonymous hacker stole record-breaking $612 million worth of crypto assets in a Poly Network exploit but later returned the funds in full.