Badger DAO Hack Clears Over $120M Worth Of Bitcoin And Ethereum From Customer Wallets

Badger DAO is a decentralized finance project focused on Bitcoin and built on the Ethereum blockchain network that allows users to earn passive crypto income. Badger DAO is now the latest to be victimized by a hack with $120.3 million worth of Bitcoin and Ethereum stolen during a particularly nasty front-end attack.

By Andrew Senior
December 2nd, 2021

The Badger team has acknowledged reports of unauthorized withdrawals, adding that its engineers are investigating the issue while the protocol’s smart contracts have been temporarily halted.

Badger has received reports of unauthorized withdrawals of user funds.

As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.

Our investigation is ongoing and we will release further information as soon as possible.
— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021

Users started bringing up problems on the Badger Discord channel Wednesday evening. The current speculation sweeping through the community channels is that an exploit originating in the Badger DAO user interface and not a flaw in the core protocol contracts. Many of the affected users noticed that their wallets were receiving prompts for fake requests of additional permissions while living yield farming rewards or when interacting with Badger vaults.

One user took the brunt of the attach losing 896 Bitcoins worth roughly $50 million according to PeckShield Inc.

One most affected user (w/ the loss of ~900 BTC): 0x53461e4fddcc1385f1256ae24ce3505be664f249. And here is the transfer-out tx: 😭https://t.co/megVFFy2Z8
— PeckShield Inc. (@peckshield) December 2, 2021

Badger core contributor Tritium recently commented on Discord that,

“It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds and that was exploited. Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are.”

Even with the contracts currently paused, community members are advising that depositors use third party tools like Debank and Unrekt to revoke permissions for the problematic contract.

Disclaimer: The information above does not constitute investment, financial, trading or any other sort of advice and you should not treat any of the content on this site such. We do not recommend the purchase, sale, or holding of any cryptocurrency or other product. None of our content should be deemed as an offer to purchase, sell, or hold a cryptocurrency or other product or service. Please consider doing your own research and prioritize consulting a certified financial professional before making any investment decisions.

Spread the sauce:

One thought on “Badger DAO Hack Clears Over $120M Worth Of Bitcoin And Ethereum From Customer Wallets”