BadgerDAO loses $120 million to a hacker

A hacker exploited a flaw in BadgerDAO, a protocol that offers decentralized finance (DeFi) products to holders of bitcoin (BTC).

Early reports put the amount siphoned from the protocol at $10 million, but data from PeckShield shows that the losses are significantly greater.

At the time of the attack, the hacker’s loot was worth the equivalent of $120.3 million: 2,109 BTC and 151 ETH.

One user had his entire wallet drained in a single transaction: around 906.5 bitcoins ($51.2 million).

Here is the current whereabouts as well as the total loss: $120.3M (with ~2.1k BTC + 151 ETH) @BadgerDAO

BadgerDAO quickly confirmed the attack, posting on Twitter:

“Badger has received reports of unauthorized withdrawals of user funds. While Badger engineers investigate this case, all smart contracts have been put on hold to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible.”

What really happened? PeckShield indicates that the flaw was exploited through BadgerDAO’s user interface (the web front end), not through the protocol’s smart contracts.

Users affected by the attack report that when they tried to claim the rewards from their yield farming positions, their wallets prompted them to grant additional permissions (token approvals).

“It appears that a number of users had set permissions for the hacker’s address allowing the hacker to interact with their wallet funds and this was exploited,” said Tritium, a Badger contributor.

In terms of stolen value, this is the 4th largest hack in the history of decentralized finance. As the Rekt leaderboard indicates, the podium is currently made up of Poly Network ($610 million), Compound ($147 million) and Cream Finance ($130 million).

Shortly after the first rumors of the hack, the price of the BADGER token began to fall. The protocol’s token lost almost 19% over a 10-hour period, a relatively mild drop given how damaging the attack is for the protocol.

Evolution of the price of the BADGER token – Source: TradingView

What if you have used BadgerDAO before?

To protect yourself from any possible loss, here are the steps to take to secure your funds.

Go to the Etherscan page that lets you review and revoke the token approvals you have granted to any decentralized application.

Click the “Connect to Web3” button to connect your wallet, then enter the address “0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107”. This is the hacker’s address.

If the search returns a result, revoke the approval with the “Revoke” button.

As of this writing, BadgerDAO is most likely in the process of deploying a patch, but still take a few minutes to verify that you are not affected by the hack.
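The same check can be done offline from a wallet’s ERC-20 Approval event logs. The script below is an added example, not code from the article or from BadgerDAO: it keeps the latest allowance per token and spender, lists the tokens on which the attacker address quoted above still holds a non-zero allowance, and ABI-encodes the approve(spender, 0) call that revokes it. The owner and token addresses and the log entries are constructed sample data.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # 4-byte selector of approve(address,uint256)
ATTACKER = "0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107"  # address quoted in the article

# Constructed sample data: a victim wallet and two vault tokens (not real addresses).
OWNER = "0x000000000000000000000000000000000000abcd"
TOKEN_A = "0x00000000000000000000000000000000000000a1"
TOKEN_B = "0x00000000000000000000000000000000000000b2"

def pad32(addr: str) -> str:
    """Left-pad a 20-byte address to the 32-byte form used in indexed topics."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def topic_to_address(topic: str) -> str:
    """Recover the address from a 32-byte indexed topic (low 20 bytes)."""
    return "0x" + topic[-40:].lower()

# Constructed Approval logs, in emission order: unlimited approvals to the attacker
# on both tokens, then a later approval of 0 on TOKEN_B (i.e. already revoked).
SAMPLE_LOGS = [
    {"address": TOKEN_A, "topics": [APPROVAL_TOPIC, pad32(OWNER), pad32(ATTACKER)], "data": "0x" + "f" * 64},
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, pad32(OWNER), pad32(ATTACKER)], "data": "0x" + "f" * 64},
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, pad32(OWNER), pad32(ATTACKER)], "data": "0x" + "0" * 64},
]

def latest_allowances(logs, owner):
    """Map (token, spender) -> current allowance for `owner`; the newest Approval wins."""
    owner, allowances = owner.lower(), {}
    for log in logs:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval event
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by someone else
        key = (log["address"].lower(), topic_to_address(topics[2]))
        allowances[key] = int(log["data"], 16)
    return allowances

def approvals_to(logs, owner, spender):
    """Tokens on which `owner` still holds a non-zero allowance for `spender`."""
    spender = spender.lower()
    current = latest_allowances(logs, owner)
    return sorted(t for (t, s), v in current.items() if s == spender and v > 0)

def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0): selector + 32-byte address + 32-byte zero."""
    return "0x" + APPROVE_SELECTOR + pad32(spender)[2:] + "0" * 64
```

Sending the calldata returned by revoke_calldata to each flagged token contract from the owner wallet sets that allowance to zero, which is what the “Revoke” button does.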

