An approximated $120 million worth of Ether assets and Bitcoin were stolen from a decentralized finance (DeFi) website that enables users to loan, borrow and speculate on cryptocurrency cost fluctuations. Some alleged hackers drained funds from various cryptocurrency wallets attached to BadgerDAO, a decentralized finance platform.
Even though the investigation is still ongoing, the Badger team informed users that they assume that the attack took place by a malicious script implanted in the UI of their site by someone. The script would then intercept Web3 transactions and send a request to transfer all the target’s tokens to the attacker’s address every time a user interacted with their website when the script was activated.
Since the transactions were transparent, one can see what happened when the attackers pounced. PeckShield informed that one transfer included 896 Bitcoin tokens valued at over $50 million.
As per the team, the malicious script appeared first on the 10th of November, and the attackers ran it at random interims to circumvent all possibilities of exposure.
As soon as Badger became informed of all these transfers, it instantly froze its website, stopped all smart contracts, and advised its users to reject all transactions to the attacker’s address.
For now, the pause on smart contracts continues in order to prevent further withdrawals. Badger will share further updates as soon as they are available.
— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021
The company declared on Thursday night that it has:
“retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.”
According to PeckShield, a Blockchain analysis firm that was the first to notice the heist revealed that the hackers stole over 151 Ether and 2,100 Bitcoins from the user accounts of Badger before the organization shut down its entire system.
The firm declared on Twitter that the price was assessed to be around $120.3 million at the time of the heist. They also declared that one user lost over 900 Bitcoins, estimated to be approximately $50.5 million.
— PeckShield Inc. (@peckshield) December 2, 2021
Platforms covering Cryptocurrency news like CryptoBriefing, CryptoSlate, and Coinspeaker quoted various users from the discord channel of Badger who claimed that the criminals utilized a vulnerability in the user interface of the platform for attaining access to user accounts and exfiltrate funds.
However, Badger has not returned any comment requests and hasn’t confirmed these theories to any news platform.
Usually, the attacks on crypto platforms involve gaining access to an employee’s account or exploiting faults in the trading protocols of the platform instead of the user interface.
Currently, the Badger cryptocurrency incident ranks as the third biggest heist of 2021, with PolyNetwork first and Cream Finance second.