During the night from Tuesday to Wednesday Funds stolen from multiple crypto wallets connected to the decentralized financial platform BadgerDAO. According to blockchain security and data analytics firm Peckschield, which is working with BadgerDAO to investigate the robbery, the various tokens stolen in the attack are valued at around $ 120 million.
The problem was probably caused by a malicious script on the user interface of the Website that had been integrated unnoticed. While the script was active, Web3 transactions were intercepted and the tokens were redirected to the perpetrator’s account. The malicious code appeared on November 10th and was executed by the attackers at apparently random intervals in order to avoid detection.
Funds disappeared for now
When Badger found out about the unauthorized transfers, it paused all smart contracts, essentially freezing its platform and advised users to reject all transactions to the attacker’s addresses. Badger is now investigating, among other things, how the attackers apparently accessed Cloudflare via an API key that should have been protected by two-factor authentication. While the attack did not reveal any specific flaws in the blockchain technology itself, the hackers managed to exploit the older “Web 2.0” technology that most users need to carry out transactions.
Whether the funds can be transferred back and whether those affected may even be compensated is not yet b known. The attack only shows once again that in the crypto world, despite all security precautions, millions of dollars can simply disappear from now on, even if they are managed by one of the most security-conscious teams in the decentralized financial sector, as Badger calls himself.