Badger DAO exploited for nearly $100M, BADGER down by 18%

hacker 2300772 1920 1 1200x600 1
  • Badger DAO has reportedly been victim to a front-end hack that left it about $100 million short of user funds.
  • Users have been asked to revoke permissions given to the malicious smart contract as investigations proceed.

Badger DAO (decentralized autonomous organization) has lost approximately $100 million user funds in a front-end cyberattack. One user has lost 896 Bitcoin (BTC), or about $50 million at the current price, according to blockchain security company PeckShield.

The attack, which was made public at around 2 AM UTC on Dec. 2, targeted the protocol at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107. Early reports say many users’ wallet providers prompted unusual requests for additional permissions. Core contributor Tritium wrote on the protocol’s official Discord server noted;

It looks like a bunch of users had approvals set for the exploit address allowing it to operate on their vault funds and that was exploited, 

“Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are,” he added.

Badger DAO takes $100M cyberattack hit

In a Twitter statement at 4.30 AM UTC, the Badger DAO team acknowledged “reports of unauthorized withdrawals of user funds.” The incident is now under investigation by the organization’s engineers.

At present, the protocol’s smart contracts have been halted to prevent more potentially malicious withdrawals. Additionally, users have been urged to revoke permissions to the compromised smart contract to stop further losses. Revoking is done by visiting Etherscan.com and logging in with a wallet that one believes is compromised. This is a necessary measure since the malicious requests may have been made weeks ago, even if theft only took place in the last few hours.

About Badger DAO

Badger DAO is a Bitcoin-focused decentralized finance project built on the Ethereum blockchain. Its purpose is to build products and infrastructure for accelerating Bitcoin’s adoption as collateral on other blockchains. Users convert their Bitcoin to either Wrapped Bitcoin (wBTC) OR renBTC which they deposit into Sett vaults. The vaults then algorithmically determine users’ yields and allocate them. The yield vault protocol was just a few days away from its first anniversary when the hack took place.

Currently, Badger DAO is the 23rd largest DeFi protocol on Ethereum, based on data from DeFi Pulse. Last month, its total value locked (TVL) topped $1 billion.

The DAO, like many others, touted good intentions of bringing DeFi to Bitcoin. The latest hacker strike has, however, left it quite shaken. According to our data at press time, BADGER was trading at $22.66, having plummeted 17 percent in the last 24 hours. SnowdogDAO is another similar project on Avalanche that was recently rug pulled with millions in user funds after just eight days of running.

Related: SnowdogDAO, a rival for Shiba Inu on Avalanche, rug pulled after 8-day experiment