Hacker Drains $115 Million From DeFi Protocol BadgerDAO
Another DeFi protocol has fallen victim to a serious hack, after the BadgerDAO reported that they had noticed "unauthorized withdrawals" from their protocol.
BadgerDAO initially stated that $10 million had been stolen, though reports from security and blockchain analytics company PeckShield put that number closer to $115 million, or over 2,063 BTC. One user even lost 900 BTC.
Badger has received reports of unauthorized withdrawals of user funds.
As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.
Our investigation is ongoing and we will release further information as soon as possible.
— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021
Unlike many other DeFi hacks, this one does not appear to be an attack on the protocol itself, but rather the web interface connecting the protocol to users’ wallets.
On BadgerDAO’s Discord server, many users complained that when their wallets interacted with BadgerDAO, they were hit with requests for additional permissions and then transferred tokens to wallets controlled by the hackers.
RELATED: PayPal Enables Crypto Payments
BadgerDAO has currently decided to pause all smart contracts to prevent further withdrawals while it investigates further.
The BadgerDAO’s very own governence token, BADGER, plummeted after news broke out.
The protocol’s founder, Chris Spadafora had not yet responded to the news on Twitter at the time of publication.
According to Mitche50 of the Badger Core team:
“It appears that the API key for Cloudflare has been compromised. Through this, the hacker was able to create a script and inject it into custom routes.”
Cloudflare is a widely used US website infrastructure company that provides a content delivery network and helps sites defend against denial of service attacks.
READ MORE:
It is also unclear whether affected users will be able to be compensated for losses by the DAO or by the Nexus Mutual insurance protocol, which offers BadgerDAO insurance at a rate of 2.6% per year.
The insurers’ terms note that the insurance only covers “contract bugs, economic attacks including oracle failures [and] network management attacks”.
While this hack is significant, it pales in comparison to some of the major successful exploits that have happened against DeFi protocols this year. For example, in August hackers made off with nearly $600 million after exploiting bugs in the Poly Network.
Alexander Stefanov
Reporter at CoinsPress
Alex is Editor-in-Chief of Coinspress and co-founder of Millennial Media Group, with nearly a decade of experience covering financial markets - crypto first, then everything else. It started in 2016 with Bitcoin. Like most people at the time, he didn't fully understand it - so he kept digging. Blockchain, tokenomics, the projects, the cycles. That curiosity never stopped, and eventually pulled him into traditional markets too: equities, commodities, macro. Not because he left crypto behind, but because you can't properly understand one without the other. What drives him is straightforward: he wants to know why something is happening, not just that it's happening. Most market coverage stops at the headline - price up, price down, here's a chart. Alex finds that kind of reporting actively unhelpful. If you walk away from an article without understanding the mechanism behind the move, what did you actually learn? He holds a degree in Tourism from New Bulgarian University - not the most obvious path into financial markets, but markets have a way of pulling in people who are simply too curious to stay out. He has authored over 200 in-depth analyses and more than 10,000 articles across crypto and traditional finance. He still thinks every day in markets teaches him something new. That's probably why he hasn't stopped.
