Date: 2021-12-07

Just over 2,078 BTC and 151 ETH were drained from the wallets of the decentralized autonomous organization BadgerDAO.

This loss equates to more than $120 million in digital assets.

Users themselves had already reported possible irregularities in the protocol's smart contracts.

Another multimillion-dollar hack has hit the world of cryptocurrencies. This time the victim is the crypto-finance platform BadgerDAO, which lost more than $120 million spread over various cryptocurrencies when an attacker emptied different wallets.

According to blockchain analytics firm PeckShield, more than 2 thousand BTC and more than 151 ETH were drained from BadgerDAO and the wallets of its users during the week.

During the week, Badger's team stated that users themselves had reported possible irregularities in the protocol's smart contracts on the project's official Discord account.

Ongoing investigations

The community immediately began investigating their own wallets, and a handful found that, when claiming their pool DeFi farming rewards, the system generated false requests for additional share permissions that did not exist.

This speculation about a possible hack prompted the lead developers themselves to launch emergency investigations.

“It seems that a group of users had approvals established for the direction of a hack that allows that external wallet to operate the funds of its treasury at its discretion, and that was exploited by criminals,” wrote Badger’s senior contributor Tritium on Discord.

Once that comment was published, Badger paused all smart contracts in the protocol, which in effect froze the platform. It also advised all its users to reject all transactions and contract signatures coming from the system.

Within hours of shutting down transactions, the BadgerDAO team officially commented that they were already in contact with Chainalysis to determine the true extent of the backdoor exploited by the hackers.

In addition, the team has already filed a complaint with both United States and Canadian authorities, and will forward all the forensic data collected by both the team and BadgerDAO.

“Smart contracts have yet to be reactivated and therefore users are still unable to deposit, claim rewards or withdraw their funds from the Badger app (app.badger.com). Badger is working to ensure that smart contracts can be safely reactivated without further risk to the funds of all users in the community.”

Malicious code changes the address of smart contracts

One of the things being investigated is how the attacker apparently accessed Cloudflare through an API key that should have been protected by two-factor authentication, allowing him to redirect the smart contracts to the attacker’s wallets.

In addition, a quick PeckShield analysis revealed that the malicious code appeared on November 10, and that from that date until last week it had changed the address of the smart contracts in user alerts at a random rate to avoid detection.

At the moment it is unknown whether the funds can be recovered and what will be done for the affected users. However, this could be the perfect wake-up call for readers of Bitcoin Mexico to really learn how the approvals, signatures and permissions they have over their money work.
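
To make the approvals discussed above concrete, here is an added example (not code from BadgerDAO, PeckShield or the original article) that decodes the calldata of a transaction a wallet is asked to sign and flags ERC-20 allowance grants to spenders the user does not recognise. The addresses, the `review` policy and its return strings are constructed for the example, and `increaseAllowance` is included as a generalization beyond what the article names.

```python
# Added example: inspect the calldata of a transaction before signing it.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
UNLIMITED = 2**256 - 1

# Constructed sample addresses (not real contracts or wallets).
KNOWN_VAULT = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "ee" * 20


def build_call(selector, spender, amount):
    """Encode selector + two 32-byte ABI words (used for the samples)."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")


def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount), or None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    if len(data) != 8 + 64 + 64:
        raise ValueError("malformed allowance calldata")
    spender_word, amount_word = data[8:72], data[72:]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address word is not zero-padded")
    return name, "0x" + spender_word[24:], int(amount_word, 16)


def review(calldata_hex, known_spenders):
    """Decide whether a signature request should be accepted."""
    call = decode_allowance_call(calldata_hex)
    if call is None:
        return "not-an-allowance"
    _, spender, amount = call
    if spender not in known_spenders:
        return "reject: unknown spender"
    if amount == UNLIMITED:
        return "warn: unlimited allowance"
    return "ok"


if __name__ == "__main__":
    for spender in (KNOWN_VAULT, UNKNOWN_SPENDER):
        print(spender, review(build_call("095ea7b3", spender, UNLIMITED), {KNOWN_VAULT}))
```

A reward claim should not need a new allowance at all, so any `approve` or `increaseAllowance` request that appears during a claim deserves a check of the spender address before signing.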

What is BadgerDAO?

Badger is a Decentralized Autonomous Organization (DAO) that allows Bitcoin (BTC) maximalists to use their BTC holdings as collateral in various DeFi applications that otherwise could not be accessed with BTC, because the vast majority of them are built on Ethereum.

