According to PeckShield, a blockchain data and security analytics firm that is working with Badger DAO to investigate the theft, the various tokens stolen in the attack were worth about $120 million. That includes 2,100 Bitcoin and 151 Ethereum.
While the investigation is ongoing, Badger DAO team members have told users that they believe the problem was caused by someone who inserted a malicious script into the Badger.com user interface, not into the underlying protocol contracts.
For any user who interacted with the site while the script was active, it intercepted Web3 transactions and inserted a request to transfer the victim’s tokens to an address chosen by the attacker.
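The kind of injected request described above can be caught by decoding a transaction request before it is signed and checking which address it benefits. The sketch below is an added example, not code from Badger DAO or PeckShield; it covers the standard ERC-20 calls that move tokens or grant spending rights, which goes beyond what the article describes, and the function names and all addresses are constructed placeholders.

```javascript
// Added example: pre-signing check for a Web3 transaction request.
// Addresses below are constructed placeholders, not values from the incident.
// ERC-20 selector -> call name and index of the argument naming the beneficiary.
const ERC20_CALLS = new Map([
  ["a9059cbb", { name: "transfer", partyArg: 0 }],          // transfer(to, amount)
  ["095ea7b3", { name: "approve", partyArg: 0 }],           // approve(spender, amount)
  ["39509351", { name: "increaseAllowance", partyArg: 0 }], // increaseAllowance(spender, added)
  ["23b872dd", { name: "transferFrom", partyArg: 1 }],      // transferFrom(from, to, amount)
]);

// Return the n-th 32-byte ABI word of the arguments as a 0x-prefixed address.
function addressArg(argsHex, n) {
  const word = argsHex.slice(n * 64, (n + 1) * 64);
  if (word.length !== 64) return null;        // truncated calldata
  return "0x" + word.slice(24).toLowerCase(); // an address is the low 20 bytes
}

// tx: { to, data } as handed to the wallet for signing.
// trusted: Set of lowercase addresses the user expects the site to use.
function inspectTxRequest(tx, trusted) {
  const data = (tx.data || "0x").replace(/^0x/i, "").toLowerCase();
  const call = ERC20_CALLS.get(data.slice(0, 8));
  if (!call) return { verdict: "unknown-call", reason: "not a recognised ERC-20 call" };
  const party = addressArg(data.slice(8), call.partyArg);
  if (party === null) return { verdict: "block", call: call.name, reason: "malformed calldata" };
  if (!trusted.has(party)) {
    return { verdict: "block", call: call.name, party,
             reason: `${call.name} names an address outside the trusted set` };
  }
  return { verdict: "allow", call: call.name, party };
}

// Constructed sample requests: same token contract, different beneficiary.
const TOKEN = "0x" + "11".repeat(20);
const VAULT = "0x" + "22".repeat(20);   // contract the user expects
const UNKNOWN = "0x" + "99".repeat(20); // address the site never disclosed
const pad = (addr) => addr.slice(2).padStart(64, "0");
const MAX = "f".repeat(64);             // unlimited allowance
const sampleExpected = { to: TOKEN, data: "0x095ea7b3" + pad(VAULT) + MAX };
const sampleInjected = { to: TOKEN, data: "0x095ea7b3" + pad(UNKNOWN) + MAX };
const trustedSet = new Set([VAULT]);

console.log(inspectTxRequest(sampleExpected, trustedSet)); // verdict: "allow"
console.log(inspectTxRequest(sampleInjected, trustedSet)); // verdict: "block"
```

The check is only as good as the trusted set, which has to come from a source other than the web page being checked.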
Because of the transparent nature of the transactions, it is possible to see what happened once the attackers carried out the theft.
One most affected user (w/ the loss of ~900 BTC): 0x53461e4fddcc1385f1256ae24ce3505be664f249. And here is the transfer-out tx: 😭https://t.co/megVFFy2Z8
— PeckShield Inc. (@peckshield) December 2, 2021
PeckShield reports that a single transfer resulted in 896 bitcoins being withdrawn to the attacker’s wallet, worth more than $50 million.
According to the team, the malware appeared as early as November 10, with attackers running it at seemingly random intervals to avoid detection.
Decentralized finance, or DeFi, systems rely on blockchain technology to allow cryptocurrency holders to conduct typical financing operations such as earning interest by lending.
The Badger DAO protocol allows people with Bitcoin to link their cryptocurrency to the Ethereum platform via its token and take advantage of DeFi opportunities they might not otherwise have access to.
Once Badger DAO became aware of unauthorized transfers, it paused all smart contracts. This essentially resulted in the freezing of its platform. Users are advised to reject all transactions to the attacker’s addresses.
Cryptocurrency thefts continue
For now, the pause on smart contracts continues in order to prevent further withdrawals. Badger will share further updates as soon as they are available.
— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021
The company has hired the data experts at Chainalysis to explore the full scope of the incident. Authorities in both the United States and Canada have been notified. The company is fully cooperating with external investigations in addition to advancing its own.
Badger DAO is also investigating how Cloudflare was accessed via an API key, which should be protected by two-factor authentication.
Although the attack did not reveal specific flaws within the blockchain technology itself, it was able to exploit the older Web 2.0 technology that most users need to use to transact.
Multi-factor authentication systems protect accounts from various phishing schemes. However, experts warn that targeted phishing attacks can bypass them, and tools that automate the process have existed for years.
An FBI notice in 2019 noted the increasing capabilities of criminals to bypass multi-factor authentication. It suggested changes or training that would make carrying out such attacks more difficult.