Users of the decentralized finance protocol Badger DAO reported unauthorized withdrawals of funds. Estimated losses from the hack may exceed $100 million.
The project team suspended all smart contracts and launched an investigation.
The hack was presumably the result of an exploit in the user interface. Some users of the protocol noticed requests to approve additional addresses for withdrawals.
“It seems that some users had approvals for the exploit address installed, allowing them to operate with their funds in the repositories, which was used,” one of the main community members under the nickname Tritium wrote in Discord.
He also said that the attack had been under way since November 11. Users confirmed that assets were sent to the exploit address more than 10 days ago.
However, the bulk of the funds were withdrawn on December 1.
Initial reports put the damage at about $10 million. PeckShield experts compiled their own list of the assets stolen by the hacker. Commentators noted that the total is over $100 million.
PeckShield noticed that one of the most affected users lost almost 897 BTC (~$51 million).
Update: The company’s specialists have clarified the value of the stolen assets, which, according to their calculations, exceeded $120 million.
According to the Badger DAO website, the value of funds locked in the protocol is $1.2 billion, and the project's treasury exceeds $240 million. According to the Zapper service, the latter figure falls short of $62 million.
At the time of writing, the price of the BADGER governance token has fallen from around $28 to about $22.5, a drop of about 20%.
Recall that on November 30, a hacker withdrew $31 million worth of crypto assets from the MonoX DeFi platform. Commenting on the incident, The Block analyst Igor Igamberdiev wrote that it was getting “a little boring.”