Will A $120M Hack Break BadgerDAO?


On Dec 2nd, BadgerDAO fell victim to a vicious front-end attack. The hacker used compromised API keys created without the authorization or express knowledge of the Badger team.
The total loss breakdown: $120.3M (2.1k BTC + 151 ETH). The hacker ultimately stole $130 million in funds, but approximately $9 million was recoverable since those funds were transferred but not extracted from Badger’s vaults.

Investigating The Crime

With help from Peckshield, a blockchain security and data analytics company, Badger is still investigating the incident. However, members of the Badger team have openly reported the issue came from someone inserting a malicious script into the UI of the website. Any visitor to the site who encountered the “maliciously injected snippet” would trigger a Web3 transaction requesting the transfer of the victim’s tokens to the hacker’s address.

According to the team, the hacker ran the code in early November, testing it at irregular intervals to avoid discovery.
After a flood of community members reported the unauthorized transfers, Badger paused all smart contracts, freezing its platform and strongly advising community members to decline all transactions.
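
As an added illustration (not code from Badger or from the original article), the JavaScript below shows one defensive check a wallet or browser extension could run on the kind of request described above: decode the token call in the transaction data and block it when the address receiving tokens or spending rights is not one the user already trusts. It assumes the request is a standard ERC-20 call; the `reviewRequest` helper and all addresses are constructed for the example.

```javascript
// Added example: wallet-side review of an outgoing token transaction request.
// Standard ERC-20 function selectors, and which argument names the party
// that ends up with the tokens (or with the right to move them).
const SELECTORS = {
  'a9059cbb': { name: 'transfer', beneficiaryArg: 0 },     // transfer(to, amount)
  '095ea7b3': { name: 'approve', beneficiaryArg: 0 },      // approve(spender, amount)
  '23b872dd': { name: 'transferFrom', beneficiaryArg: 1 }, // transferFrom(from, to, amount)
};

// Read the n-th 32-byte ABI word and return its low 20 bytes as an address.
function addressArg(argsHex, n) {
  const word = argsHex.slice(n * 64, (n + 1) * 64);
  if (word.length !== 64) throw new Error('calldata truncated');
  return '0x' + word.slice(24);
}

// Returns { action, beneficiary, verdict } for a transaction request.
// verdict: 'allow' (trusted beneficiary), 'block' (untrusted beneficiary),
// or 'review' (not a recognised token call, so nothing can be concluded).
function reviewRequest(tx, trustedAddresses) {
  const data = (tx.data || '0x').toLowerCase().replace(/^0x/, '');
  if (!/^[0-9a-f]*$/.test(data)) throw new Error('calldata is not hex');
  const entry = SELECTORS[data.slice(0, 8)];
  if (!entry) return { action: 'unknown', beneficiary: null, verdict: 'review' };
  const beneficiary = addressArg(data.slice(8), entry.beneficiaryArg);
  const trusted = trustedAddresses.map(a => a.toLowerCase()).includes(beneficiary);
  return { action: entry.name, beneficiary, verdict: trusted ? 'allow' : 'block' };
}

// Constructed sample data (placeholder addresses, not real ones).
const VAULT = '0x' + '11'.repeat(20);     // contract the user expects to deal with
const STRANGER = '0x' + '22'.repeat(20);  // address the user has never approved
const padWord = hex => hex.replace(/^0x/, '').padStart(64, '0');
const approveCall = spender => '0x095ea7b3' + padWord(spender) + 'f'.repeat(64);

console.log(reviewRequest({ data: approveCall(VAULT) }, [VAULT]));
console.log(reviewRequest({ data: approveCall(STRANGER) }, [VAULT]));
```
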

Before the hack, Badger’s price sat around $27.22, but 4 days after the incident the price had dropped to $14.79, a fall of almost 50%.

Yellow arrow: Time of Hack


Badger is currently voting on a proposition to unfreeze the community assets, but releasing transactions might trigger a mass exodus and a significant drop in the price of BadgerDAO’s coin. Some estimate a drop of as much as 75%, taking it from $14 per coin to around $5. Another open problem is how to repay losses, if at all.

Last Hack Of The Year

However, the $120M stolen from BadgerDAO pales in comparison to the largest DeFi hack, which took place just four months earlier. In August 2021, hackers robbed Poly Network of more than $600 million. Surprisingly, the attacker returned the funds after a plea from the community, a strategy Badger has also attempted to reproduce.

As DAOs grow and face many trials, we will see pillars of DeFi rise and fall. Though the hack wasn’t the community’s fault, the brunt of the damage and the clean-up will be their collective responsibility. Luckily, the attack didn’t reveal specific flaws within blockchain tech. Instead, it exploited older “web 2.0” transaction technology, making this hack more of a speed bump than a fault in the overall growth and promise of Web3.
