BadgerDAO, a decentralized autonomous organization (DAO) focused on bringing Bitcoin to decentralized finance (DeFi), is the latest to suffer an exploit, with losses estimated at US$120 million.
Fast facts
- Crypto security firm PeckShield said in a Thursday tweet the total loss has amounted to at least 2,100 BTC and 151 ETH.
- In a Badger Discord channel, Tritium, who appears to be a core member of the protocol, told users that it looks like “a bunch of users had approvals set for the exploit address,” allowing the address to operate on their vault funds.
- “Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are,” Tritium said.
- Jonto, another Badger operator, said in the Discord channel yesterday that there was a “front end exploit that has affected some addresses” and that “all contracts and rewards claiming [have] been paused while we investigate so the app may not be showing correctly.”
- BadgerDAO said Thursday in a tweet that it has received reports of unauthorized withdrawals of user funds. “As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals,” it wrote.
- In another tweet today, the protocol said the investigation continues. “Badger has retained data forensics experts Chainalysis to explore the full scale of the incident,” it wrote. “For now, the pause on smart contracts continues in order to prevent further withdrawals.”
- A number of DeFi platforms have seen attacks this year, with the Poly Network exploit being the most prominent. In August, Poly Network suffered a US$600 million hack, though the hacker later returned the stolen assets. In the same month, Japanese crypto exchange Liquid suffered a loss of over US$90 million in an attack, which siphoned Bitcoin, Ethereum, Tron and XRP tokens from the exchange. Liquid obtained a US$120 million loan from fellow exchange FTX to cover losses.
- In October, DeFi platform Cream Finance suffered a flash-loan attack and lost about US$130 million worth of tokens. Almost at the same time, DeFi trading platform BXH also suffered a US$139 million exploit.
- According to CoinMarketCap, BadgerDAO’s BADGER token had fallen 9.7% over the previous 24 hours as of Friday afternoon Asia time.