KEY POINTS

  • Badger DAO was hacked Wednesday
  • Estimates put the loss for investors above $120 million
  • All smart contracts on the platform have been suspended indefinitely

Decentralized finance platform BadgerDAO has been hit by a hacking attack that cost investors more than $120 million. The attacker or attackers, whose identity remains unknown, drained funds from the wallets of dozens of users of the Badger DAO yield vault protocol.

BadgerDAO's protocol allows users to “bridge” Bitcoin to the Ethereum platform via its token, BADGER, for activities like lending.

The attack was carried out using malicious contract permissions and ranks among the biggest hacks in the crypto industry. The total loss was more than $120 million, with the largest single loss being 896 BTC ($50 million) taken from one wallet, according to data collected by PeckShield, a blockchain security and data analytics company.

In all, nearly 2,100 Bitcoin and 151 Ether were lost, causing panic among the users of the platform. The protocol immediately suspended smart contracts on the platform. The issue was first reported on the Discord server of the platform at 9 p.m. ET Wednesday.

"It looked like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds, and that was exploited," Badger core contributor Tritium wrote on Discord.

In simpler terms, The Verge reported that someone is believed to have inserted malicious code into the UI of the Badger website. The script then transferred the tokens of any user who interacted with the site to the attacker's chosen address. The malicious code was inserted as early as Nov. 10 and was run by the attackers at random, the report said.
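The account above turns on token approvals granted to an address the users did not mean to authorize. As an added example (not from the report or from Badger), this Python code replays ERC-20 `Approval` event logs and flags live allowances whose spender is not on an allowlist. It assumes the approvals are standard ERC-20 allowances; every address, log entry and the allowlist are constructed.

```python
# Added example; every address and log entry below is constructed.
# topic0 values of the standard ERC-20 Approval and Transfer events
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
UNLIMITED = 2**256 - 1  # the "infinite approval" value

def pad(addr):
    """Encode an address as a 32-byte indexed topic (used for the sample data)."""
    return "0x" + "00" * 12 + addr[2:]

def unpad(topic):
    """The address is the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs):
    """Replay Approval logs in chain order: the latest event per
    (token, owner, spender) wins and a value of 0 is a revocation.
    Log-based view only; confirm with the token's allowance() call."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 reuses this topic0 with four topics; keep ERC-20 shaped logs only.
        if t[0].lower() != APPROVAL_TOPIC or len(t) != 3:
            continue
        state[(log["address"].lower(), unpad(t[1]), unpad(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def flag_unexpected(logs, expected_spenders):
    """Return live approvals whose spender is not on the allowlist."""
    allowed = {s.lower() for s in expected_spenders}
    return [
        {"token": tok, "owner": own, "spender": sp, "unlimited": amt == UNLIMITED}
        for (tok, own, sp), amt in sorted(live_approvals(logs).items())
        if sp not in allowed
    ]

TOKEN, VAULT, UNKNOWN = "0x" + "aa" * 20, "0x" + "22" * 20, "0x" + "99" * 20
ALICE, BOB = "0x" + "11" * 20, "0x" + "33" * 20

def ev(block, idx, owner, spender, value, topic0=APPROVAL_TOPIC):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [topic0, pad(owner), pad(spender)], "data": hex(value)}

SAMPLE_LOGS = [
    ev(100, 0, ALICE, VAULT, 500),                # spender is the expected vault
    ev(101, 3, ALICE, UNKNOWN, UNLIMITED),        # unlimited, unknown spender: flagged
    ev(102, 1, BOB, UNKNOWN, 1000),               # later revoked by the next event
    ev(103, 0, BOB, UNKNOWN, 0),                  # revocation
    ev(104, 2, BOB, UNKNOWN, 7, TRANSFER_TOPIC),  # not an Approval: ignored
]
```

Calling `flag_unexpected(SAMPLE_LOGS, [VAULT])` reports only the first owner's unlimited approval to the unlisted spender; the second owner's approval was revoked and drops out.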

BADGER, the native token of the platform, dropped by nearly 20% following the news of the hack. Data from CoinMarketCap shows that as of 5:03 a.m. ET, the token was trading at $20.41, nearly 77.15% below its all-time high of $89.5 reached on Feb. 9.

The Twitter account of the protocol has been actively giving updates on the hack, but there is zero talk of a refund to the affected investors — so far.

"Badger has retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the U.S. & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own," said BadgerDAO's official Twitter handle.

For now, the pause remains in place to prevent further attacks until the restoration has been completed and the solution implemented.
