Someone hacked the DeFi site and stole $120 million in cryptocurrency.
On Wednesday night, someone withdrew funds from several cryptocurrency wallets connected to the BadgerDAO decentralized finance platform. Peckshield, a blockchain security and data analyst who works with Badger for a robbery investigation, said the various tokens stolen in the attack were worth around $120 million.
While the investigation continued, a member of the Badger team informed the user that he believed the issue was due to someone inserting a malicious script into the website's user interface. For any user who interacted with the site while the script was active, it intercepts the Web3 transaction and injects a request to send the victim's token to an address of the attacker's choice.
Because the transaction is transparent, you can see what happened after the attacker's attack. PeckShield points to a single transfer of 896 bitcoins worth more than $50 million thrown into the attacker's treasury. According to the team, the malware appeared as early as November 10, as attackers ran the malware at seemingly random intervals to evade detection. The
Decentralized Financial System (or DeFi) relies on blockchain technology to allow cryptocurrency holders to conduct more general financial transactions, such as earning interest on loans. BadgerDAO promises its users: "You never have to give up your private key to your cryptocurrency, you can withdraw it whenever you want, and you can rest assured knowing that our strategists work day and night to get your assets to work."
This protocol allows those with Bitcoin to “connect” their cryptocurrencies to the Ethereum platform via tokens and take advantage of DeFi features that are otherwise inaccessible. As soon as Badger became aware of the unauthorized transfer, it halted all smart contracts, essentially freezing the platform and advising users to deny all transactions to the attacker's address.
Thursday night, the company "has hired data forensics expert Chainalysis to investigate the full scope of the incident and has notified U.S. and Canadian authorities that Badger is fully cooperating with outside investigations as well as conducting its own."