Case for Crypto Audits After Another Disastrous Million Dollar Hack in DeFi

By Julia Sakovich · 5 min read

The latest protocol hack on BadgerDAO is a call for developers and projects to take a closer look at their smart contracts and employ third-party auditors.

Over the past week, the cryptocurrency community witnessed one of the largest DeFi hacks in 2021 as BadgerDAO, a decentralized finance protocol for borrowing, lending, and earning yield with tokenized Bitcoin on Ethereum, lost $120.3 million to the hackers. According to reports on the hack, the criminals added a malicious script to the protocol’s frontend website, prompting users to approve a smart contract transaction giving the script unlimited permission to drain funds from their wallets.
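The "unlimited permission" the article describes is the standard ERC-20 allowance mechanism: a user signs an `approve(spender, amount)` transaction, and a maximum `amount` lets the spender move every token the user holds, now or later. The following is an added defensive example, not code from the article or from BadgerDAO: it decodes raw transaction calldata and flags approvals that grant an unlimited (or unusually large) allowance, which is the check a wallet or a front-end integrity monitor would want before prompting the user to sign. The function selectors are the well-known ERC-20 ones; the spender address and transaction bytes are constructed for illustration.

```python
# Flag ERC-20 approve()/increaseAllowance() calls that hand a spender an
# unlimited allowance. Defender-side check; all transaction bytes are constructed.

APPROVE_SELECTOR = "095ea7b3"    # keccak256("approve(address,uint256)")[:4]
INCREASE_SELECTOR = "39509351"   # keccak256("increaseAllowance(address,uint256)")[:4]
UINT256_MAX = 2**256 - 1


def decode_approval(calldata_hex):
    """Return (spender, amount) for an approve/increaseAllowance call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two ABI-encoded 32-byte words
    if len(data) != 8 + 64 + 64:
        return None
    if data[:8] not in (APPROVE_SELECTOR, INCREASE_SELECTOR):
        return None
    # an address occupies the low 20 bytes of its 32-byte word
    spender = "0x" + data[8 + 24:8 + 64]
    amount = int(data[8 + 64:], 16)
    return spender, amount


def classify_approval(calldata_hex, decimals=18, threshold_tokens=10_000):
    """Classify as 'unlimited', 'large', 'bounded' or 'not-approval'.

    'unlimited' covers MaxUint256 and the 2**255-style values some dapps use;
    'large' is anything above threshold_tokens whole tokens (assumed policy).
    """
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return "not-approval"
    _, amount = decoded
    if amount >= UINT256_MAX // 2:
        return "unlimited"
    if amount > threshold_tokens * 10**decimals:
        return "large"
    return "bounded"


if __name__ == "__main__":
    # Constructed calldata: approve(0x1111...1111, MaxUint256)
    spender_word = "0" * 24 + "11" * 20
    tx = "0x" + APPROVE_SELECTOR + spender_word + "f" * 64
    print(decode_approval(tx), classify_approval(tx))  # ... 'unlimited'
```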

Peckshield, the blockchain security firm that was first to notice the attack, claims the hackers made off with more than 2,100 BTC and 151 ETH from user accounts before BadgerDAO shut down withdrawals. Further reports and on-chain trails showed that Celsius Network, a crypto lending firm, lost over $50 million in Bitcoin (BTC) during the hack. As of writing, none of the funds have been recovered.

Such cases have become prevalent in the crypto space, especially this year, as most crypto assets set all-time highs in price. BadgerDAO’s hack ranks as the third-largest so far in 2021, behind Cream Finance (which lost $130 million in October) and the Poly Network heist, in which nearly $600 million was taken and later returned, still the largest crypto hack of all time. Other major hacks in 2021 include the Liquid exchange ($94 million), EasyFi ($81 million), the bZx protocol ($55 million), and Uranium Finance ($50 million).

Outsiders and critics of blockchain technology usually raise the question: “How secure are blockchains if they can’t prevent hacks?” While this is the right question to ask, the answer is not as straightforward as most would wish it to be.

Can We Stop Hacking on Blockchains?

Every new blockchain hack is followed by a wave of criticism about the security of blockchains. Yet blockchains are software systems, and despite the cryptography that protects them, they remain liable to hacks and attacks. Experts in the field, including software developers, project managers, IT architects, and information security specialists, have tried to build software that is unhackable, to no avail.

Instead, blockchains deter attackers by raising the cost of an attack. The underlying idea is that a rational attacker will leave a system alone if the cost of compromising it exceeds the expected gain.

For example, Bitcoin, the world’s largest cryptocurrency (and blockchain), employs this tactic to deter hackers. Through its energy-intensive proof-of-work (PoW) consensus algorithm, cryptographic hash functions, and data encryption, the cost of attacking the network is astronomical compared to the likely benefits.

Similarly, attackers find it very hard to compromise proof-of-stake (PoS) blockchains such as QTUM. Although PoS does not rely on an energy-intensive consensus algorithm like PoW, it requires attackers to stake their own tokens on the network for long periods to have any chance of manipulating it. This can be counter-productive for the attackers: if the staked tokens fall in price, their holdings lose value, and if the token price rises, acquiring enough tokens to stake becomes prohibitively expensive. This is what protects PoS blockchains from attacks by bad actors.

The few (but expensive) hacks are the exception in the budding world of blockchain technology, which has otherwise proved resilient against attacks.

An Audited Future for Blockchains

Blockchains are built to withstand attacks and to keep users’ funds secure. One would hope that, as time goes on, blockchains and cryptocurrency exchanges would become ever more secure, but unfortunately more and more exchanges are hacked as the years go by. One of the most successful tactics used by hackers is to exploit bugs in the code and to target custodial wallets, which yield larger payouts.

As such, users should be cautious when dealing with blockchain projects that lack audit reports or have never been audited at all. Launched in 2017, QTUM is one of the leading blockchain projects with intensive and regular code audits intended to prevent hacks on the platform. Since its first audit, QTUM has yet to face any major hack.

The latest security audit took place in April 2020 (relatively recent for a crypto project), with the third-party blockchain security firm Trail of Bits reviewing the offline staking delegation smart contract for breaches and bugs. The firm stated the audit represented “best practice” for avoiding hacks on simply written Solidity code. The audit found no high-severity security issues, but did report two informational issues and some code quality recommendations.

Constant audit procedures and checks are important for budding blockchain projects to avoid smart contract bug exploits and reduce the chances of hacks.

Final Words

The latest protocol hack on BadgerDAO is a call for developers and projects to take a closer look at their smart contracts and employ third-party auditors. Blockchain reports have shown that Ethereum smart contracts have a failure rate of 3%, which poses a challenge to the ever-growing DeFi and NFT marketplaces. However, smart contract bugs are largely avoidable: experts note that bugs and errors detected early rarely make it to the production stage of a project.

The blockchain code needs constant audits and the development team should thoroughly test the smart contracts before launching the mainnet.
