While crypto is on a steady path of growth and adoption, so is the number of exploits and hacks. Unfortunately, the recent victim of such attacks is BadgerDAO.
BadgerDAO is a decentralized collective of strategists, developers, and content creators seeking to build and support Bitcoin-focused products. Users of the platform reported problems within the protocol with its Discord channel at 9 PM EST yesterday night.
While all the details regarding the exploit aren’t out, speculations pinpoint the Badger user interface as the weak point. Also, many affected users pointed out that the wallet providers prompted spurious requests while claiming yield farming rewards.
Badger core contributor Tritium wrote on the Discord group:
“It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds and that was exploited.”
He also added:
“Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are.”
Following that, the team behind the protocol confirmed this on their Twitter account.
Observers state that the hacker has taken various forms of vaulted and synthetic bitcoin from affected wallets. Moreover, they say that the total worth of assets affected is over $10 million. Although most of the funds went off yesterday, malicious permission requests came into the network a couple of weeks before the attack.
Currently, the contracts on the network are paused. Also, community members advise depositors to use tools such as Debank and Unrekt to revoke permissions for the malicious contract.