Tolu is a cryptocurrency and blockchain enthusiast based in Lagos. He likes to demystify crypto stories to the bare basics so that anyone anywhere can understand without too much background knowledge. When he's not neck-deep in crypto stories, Tolu enjoys music, loves to sing and is an avid movie lover.
Days after MonoX lost $30 million to a security breach, BadgerDAO has suffered the same fate, losing over $120M in stolen assets.
BadgerDAO, a decentralized finance mainstay, is the latest victim of a cyber breach, which has drained the platform of $120.3 million so far. The breach reportedly targeted the DeFi protocol on the Ethereum blockchain at a listed contract address.
Users first noticed and reported issues on BadgerDAO's Discord on Wednesday night. To avoid losses, users urged one another to revoke permissions granted to the compromised contracts. One such notice was issued on Twitter and read:
“FYI, nasty front-end attack on Badger, looks like ~10m taken out of people’s wallets using rug approval. If you’ve interacted with anything badger related in the last few weeks, check and revoke asap.”
The BadgerDAO team also weighed in. Although the platform's team did not confirm the breach, it released a statement on Twitter early Thursday morning acknowledging reported problems. The official tweet read:
“Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible.”
There is a general belief within the community channels that the hack stems from an exploit within the Badger.com user interface rather than the core protocol contracts. Some users reported that they received unusual requests for additional permissions on the protocol. According to these users, this was especially apparent while claiming yield farming rewards and interacting with Badger vaults.
Users believe these requests should have been enough to indicate a front-end attack on the protocol. Tritium, a core Badger contributor, wrote on Discord that many users had approvals set for the exploit address. These approvals allowed the address to operate on funds in their vaults, which made the exploitation possible.
BadgerDAO Yet to Give Further Update on Security Breach
BadgerDAO is currently taking stock of its losses and its compromised channels and is yet to provide further updates. However, it is believed that these suspected losses are more than $90 million. Even though the contracts remain paused, community members are offering advice to depositors on damage control. Some have suggested that those affected can use tools like Unrekt or Debank to help. Using these tools, users can revoke the permissions that the malicious contract can exploit.
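The check that such revocation tools perform can be sketched as follows. This is an added example, not code from Badger, Unrekt or Debank; it assumes the approvals in question are standard ERC-20 allowances, and every address and log entry in it is constructed.

```python
# Added example: replay ERC-20 Approval logs for one wallet and list allowances worth revoking.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay events in chain order; the latest value per (token, spender) wins.
    This is a first pass: confirm with the token's allowance(owner, spender) view,
    because transferFrom can spend an allowance without emitting Approval."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (the ERC-721 event has 4 topics)
        if topic_to_address(topics[1]) != owner.lower():
            continue
        state[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def review(logs, owner, trusted_spenders):
    """Nonzero allowances to spenders the owner does not recognise, with approve(spender, 0) calldata."""
    trusted = {s.lower() for s in trusted_spenders}
    findings = []
    for (token, spender), amount in sorted(outstanding_allowances(logs, owner).items()):
        if spender not in trusted:
            calldata = "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + "0" * 64
            findings.append({"token": token, "spender": spender,
                             "unlimited": amount == UNLIMITED, "revoke_calldata": calldata})
    return findings

# Constructed sample data (placeholder addresses, not real contracts).
OWNER, TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "12" * 20
TRUSTED, UNKNOWN = "0x" + "22" * 20, "0x" + "33" * 20

def make_log(token, owner, spender, amount, block):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": 0}

SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, TRUSTED, UNLIMITED, 100),  # expected vault approval
    make_log(TOKEN_A, OWNER, UNKNOWN, UNLIMITED, 101),  # unexpected extra approval
    make_log(TOKEN_B, OWNER, UNKNOWN, 500, 102),
    make_log(TOKEN_B, OWNER, UNKNOWN, 0, 103),          # already revoked
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOGS, OWNER, [TRUSTED]):
        print(finding)
```

Sending the `revoke_calldata` to the token contract from the owner's wallet sets that spender's allowance to zero.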
As of press time, Badger’s native token BADGER is down by about 15% in over 24 hours to $22.71, according to Coingecko. Its previous daily high was around $29.
DeFi hacks are fast becoming a worrisome trend, especially in an industry where authorities have repeatedly clamored for better oversight. Only a few days ago, there was another breach against DeFi protocol MonoX. The perpetrators allegedly made off with approximately $30 million in WETH and Polygon (MATIC). Other compromised assets were WBTC, GHST, DUCK, IMX, MIM, and LINK.