A few days ago it was reported that investors are estimated to have lost $12 billion so far in 2021 to criminals targeting so-called “decentralized finance” (or DeFi) platforms. Last night another such attack came to light: someone has stolen $120 million on the BadgerDAO platform.
Someone has emptied funds from multiple cryptocurrency wallets connected to the decentralized finance platform BadgerDAO. PeckShield, the blockchain security and data analytics firm that is working with Badger on the investigation of the heist, estimates the various tokens stolen in the attack to be worth $120 million.
BadgerDAO team members have told users that they believe the problem came from someone inserting a malicious script into the user interface of the Badger.com website. While the script was active, it intercepted the Web3 transactions of users who interacted with the site and inserted a request to transfer the victim’s tokens to another address chosen by the attacker.
Some of the affected users have commented on social networks that, when claiming the rewards earned by their assets, they found that their wallet providers were requesting additional permissions.
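A wallet-side check for the kind of inserted request described above, as an added example that is not BadgerDAO's code or part of the original article. It assumes the inserted request is a standard ERC-20 approve, increaseAllowance or transfer call; the reviewTransaction helper, the allowlist and the sample addresses are hypothetical and constructed.

```javascript
// Added example, not BadgerDAO code. Assumption: the injected request is a
// standard ERC-20 call, identified by its 4-byte function selector.
const SELECTORS = new Map([
  ["095ea7b3", "approve"],           // approve(address,uint256)
  ["39509351", "increaseAllowance"], // increaseAllowance(address,uint256)
  ["a9059cbb", "transfer"],          // transfer(address,uint256)
]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode the selector and the (address, uint256) arguments from hex calldata.
// Returns null for anything that is not one of the calls above.
function decodeTokenCall(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const name = SELECTORS.get(hex.slice(0, 8));
  if (!name || hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) return null;
  return {
    name,
    counterparty: "0x" + hex.slice(32, 72),    // low 20 bytes of argument 1
    amount: BigInt("0x" + hex.slice(72, 136)), // argument 2
  };
}

// Review a transaction request {to, data} before it is signed.
// trusted: Set of lowercase addresses the user expects (hypothetical allowlist).
function reviewTransaction(tx, trusted) {
  const call = decodeTokenCall(tx.data || "0x");
  if (!call) return [];
  const warnings = [];
  if (!trusted.has(call.counterparty)) {
    warnings.push(`${call.name} names unlisted address ${call.counterparty}`);
  }
  if (call.name !== "transfer" && call.amount === MAX_UINT256) {
    warnings.push("unlimited allowance requested");
  }
  return warnings;
}

// Constructed sample: a "claim rewards" click carrying an unlimited approve.
const TRUSTED = new Set(["0x" + "11".repeat(20)]);
const sampleTx = {
  to: "0x" + "aa".repeat(20), // token contract (constructed)
  data: "0x095ea7b3" + "00".repeat(12) + "ee".repeat(20) + "ff".repeat(32),
};
console.log(reviewTransaction(sampleTx, TRUSTED));
```

A request that is supposed to claim rewards but decodes to an allowance for an address outside the allowlist is the mismatch the affected users saw as an extra permission prompt.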
Decentralized financial systems
Decentralized financial systems (or DeFi) rely on blockchain technology to let cryptocurrency owners conduct common financial transactions outside of traditional financial settings. BadgerDAO has a protocol that allows people who hold Bitcoin to “pass” their cryptocurrency to the Ethereum platform via their token.
BadgerDAO was born in September 2020 and was designed to use tokenized Bitcoin (WBTC or renBTC) as a productive collateral asset within Ethereum’s DeFi ecosystem. In this way, holders of these tokens could borrow using their tokenized BTC as collateral.
Blocking of smart contracts
Following the discovery of the attack, the platform is keeping its smart contracts paused to prevent further fraudulent withdrawals, according to a post published a few hours ago on Badger’s official Twitter profile.