DeFi protocol BadgerDAO suffers $120M loss
BadgerDAO, a DeFi protocol, has been the victim of a large hack. The protocol’s users were robbed of $120.3 million, according to security researchers PeckShield.
BadgerDAO is a DeFi protocol aimed at increasing bitcoin yield. The idea is to wrap your bitcoin and transfer it to a smart contract platform like Ethereum, which you can then use within DeFi applications. BadgerDAO offers a variety of vaults where users can park their wrapped bitcoin and earn yields based on the vaults’ yield generation strategies.
“Unauthorized withdrawals of user funds have been reported to Badger. All smart contracts have been paused while Badger engineers investigate this to prevent further withdrawals “BadgerDAO confirmed the exploit in a tweet today.
PeckShield documented the assets stolen in the hack, which included tokens such as wrapped bitcoin (WBTC) and convex finance (CVX) as well as more complicated tokens such as “ibbtc/sbtcCRV-f.” Many of the tokens represent assets held in a vault, which means they can be redeemed for multiple tokens of varying value, making it difficult to calculate the total amount of funds stolen.
In a single transaction, 900 bitcoin ($50.8 million) worth of tokens were stolen from one user. Another lost $5 million in tokens in a single transaction.
According to comments in the project’s Discord channel, the front end of the BadgerDAO website was accessed and used to intercept transactions. According to one administrator, an API key for Cloudflare appears to have been compromised.
