Hackers have stolen nearly $120 million from multiple cryptocurrency wallets connected to the decentralised finance platform BadgerDAO. The heist once again highlights the dangers associated with crypto trading. Blockchain security and data analytics Peckshield is investing this latest case of theft and has confirmed that hackers have stolen various tokens worth about $120 million in the attack. The platform has paused all smart contracts to ensure that there are no further withdrawals.
"Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals," BadgerDAO tweeted today, confirming the exploit. The platform blames the issue on someone inserting a malicious script into the UI of their website. If any user interacted with the site when the script was active, it would intercept Web3 transactions and a request for the victim's tokens to the attacker's chosen address was initiated.
According to PeckShield, the stolen tokens range from more common coins like wrapped bitcoin (WBTC) and convex finance (CVX) to more complicated tokens like "ibbtc/sbtcCRV-f." Many of the tokens represent assets held in a vault, meaning they can be redeemed for multiple tokens with varying values. It makes it even harder for the investigating agency to find the exact value of the stolen funds.
The agency has revealed that one user lost more than $50 million in a single transaction. In this case, 896 Bitcoins were transferred from a user's account to the attackers' account. Another lost $5 million worth of tokens in one go. Once Badger became aware of the unauthorised transfers, it paused all smart contracts and also asked users to cancel all transactions to the attacker's addresses.
The company said it has "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."
For those unaware, BadgerDAO is a DeFi or decentralised finance platform focused on providing yield for bitcoin. The idea is that you bridge your bitcoin over onto a smart contract platform like Ethereum, as wrapped bitcoin. These coins can then be used within DeFi applications. The platform provides users with a variety of vaults where they can park their wrapped bitcoin and earn yields depending on the yield generation strategies used by the vaults.
It is still unknown whether the platform can recover the lost funds. However, the incident is a wake up alarm for anyone active in the world of crypto or blockchain. The users need to be really careful before approving a transaction or they can end up losing a big amount in one go.
Copyright©2022 Living Media India Limited. For reprint rights: Syndications Today