Will A $120M Hack Break BadgerDAO?



On Dec 2nd, BadgerDAO was the victim of a vicious front-end attack. The hacker used compromised API keys created without the authorization or express knowledge of the Badger team.
The total loss breakdown: $120.3M (2.1k BTC + 151 ETH). The hacker ultimately stole $130 million in funds, but approximately $9 million was recoverable since those funds were transferred but not extracted from Badger’s vaults.

Investigating The Crime

With help from PeckShield, a blockchain security and data analytics company, Badger is still investigating the incident. However, members of the Badger team have openly reported that the issue came from someone inserting a malicious script into the UI of the website. For any visitor to the site who encountered the “maliciously injected snippet,” the page would trigger a Web3 transaction requesting the transfer of the victim’s tokens to the hacker’s address.

According to the team, the hacker ran the code in early November, testing it at irregular intervals to avoid discovery.
After a flood of community members reported the unauthorized transfers, Badger paused all smart contracts, freezing its platform and strongly advising community members to decline all transactions.
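
A wallet-side check for the kind of request described above, as an added example that is not from the article or from Badger: it decodes the calldata of a requested transaction and flags ERC-20 calls that name an address the user does not already know. It goes beyond the transfer the article mentions by also covering approvals; the function names, the known-address list and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: review an ERC-20 call that a dapp page asks the wallet to sign.
// Selectors are the standard ERC-20 ones; every address below is constructed.
const SELECTORS = new Map([
  ["a9059cbb", { name: "transfer", party: 0, amount: 1 }],     // transfer(to, amount)
  ["095ea7b3", { name: "approve", party: 0, amount: 1 }],      // approve(spender, amount)
  ["23b872dd", { name: "transferFrom", party: 1, amount: 2 }], // transferFrom(from, to, amount)
]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata into { method, counterparty, amount }, or null if not an ERC-20 call.
function decodeErc20Call(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const spec = SELECTORS.get(hex.slice(0, 8));
  if (!spec) return null;
  const args = hex.slice(8);
  const word = (i) => args.slice(i * 64, (i + 1) * 64);
  const partyWord = word(spec.party);
  const amountWord = word(spec.amount);
  // Each argument is one 32-byte word; an address fills the low 20 bytes only.
  const wellFormed = /^0{24}[0-9a-f]{40}$/.test(partyWord) && /^[0-9a-f]{64}$/.test(amountWord);
  if (!wellFormed) return { method: spec.name, malformed: true };
  return { method: spec.name, counterparty: "0x" + partyWord.slice(24), amount: BigInt("0x" + amountWord) };
}

// Return a verdict for a requested transaction, given the addresses the user expects to deal with.
function reviewRequest(tx, knownAddresses) {
  const call = decodeErc20Call(tx.data || "0x");
  if (call === null) return { verdict: "not-erc20", reasons: [] };
  if (call.malformed) return { verdict: "block", reasons: ["malformed " + call.method + " calldata"] };
  const known = new Set(knownAddresses.map((a) => a.toLowerCase()));
  const reasons = [];
  if (!known.has(call.counterparty)) reasons.push(call.method + " names unknown address " + call.counterparty);
  if (call.method === "approve" && call.amount === MAX_UINT256) reasons.push("unlimited allowance requested");
  return { verdict: reasons.length ? "block" : "allow", reasons };
}

// Constructed sample: a transfer of 1 token unit to an address outside the known set.
const KNOWN_VAULT = "0x" + "11".repeat(20);
const UNKNOWN_ADDR = "0x" + "ee".repeat(20);
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sampleTx = { to: "0x" + "aa".repeat(20), data: "0xa9059cbb" + pad(UNKNOWN_ADDR) + pad("0x1") };
console.log(reviewRequest(sampleTx, [KNOWN_VAULT]));
```
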

Before the hack, Badger’s price sat around $27.22, but 4 days after the incident the price had dropped to $14.79, a fall of almost 50%.

Yellow arrow: Time of Hack


Badger is currently voting on a proposition to unfreeze the community assets, but releasing transactions might trigger a mass exodus and a significant drop in price for BadgerDAO’s coin. Some estimate as high as a 75% drop in price, taking it from $14 per coin to around $5. Another problem posed is how to repay losses, if at all.

Last Hack Of The Year

However, the $120M stolen from BadgerDAO pales in comparison to the largest DeFi hack, which took place just four months earlier. In August 2021, hackers robbed Poly Network of more than $600 million. Surprisingly, the attacker returned the funds after a plea from the community, a strategy Badger has also attempted to reproduce.


As DAOs grow and face many trials, we will see pillars of DeFi rise and fall. Though the hack wasn’t the community’s fault, the brunt of the damage and the clean-up will be their collective responsibility. Luckily, the attack didn’t reveal specific flaws within blockchain tech. Instead, it exploited older “web 2.0” transaction technology, making this hack more of a speed bump than a fault in the overall growth and promise of Web3.
