Friday, December 3rd 2021
BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled by a JavaScript hack on its website. BadgerDAO lets Bitcoin holders "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus giving them access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics firm Peckshield, it appears that the bad actors inserted a malicious script into the BadgerDAO website, which intercepted Web 3.0 transactions and inserted a request to transfer the victim's tokens to the attacker's chosen address. It is currently estimated that around $120 million was siphoned off via this attack. A single transfer saw 896 Bitcoin diverted this way - a cool $50 million.
As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running on its platform - a way to stem the bleeding until a security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own." According to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can be, and has been, subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA codes, and there are even toolkits available that automate the entire process. While it is still one of the most cost-effective ways to harden access wherever credentials are involved, like every security measure it requires attentive user interaction. As cryptocurrencies' mainstream attraction and adoption increase, so too will the upside of pulling off these hacking stunts; heists are therefore expected to increase in frequency - and scale.
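The attack described above worked because a script injected into the front-end could ask the user's wallet to sign an approval or transfer pointing at an address the dApp never uses. The following is an added defensive example, not code from the article, BadgerDAO or Peckshield: a wallet-side transaction screen that decodes ERC-20 `approve` / `transfer` calldata by hand (no web3 library needed) and blocks a request whose counterparty is not on the dApp's known-contract allowlist, or that asks for an unlimited allowance. The allowlist, the sample addresses and the sample calldata are all constructed for the example; the function selectors are the standard ERC-20 ones.

```javascript
// Added example: screen an outgoing Web3 transaction before the wallet signs it.
// A script injected into a dApp front-end can only ask the wallet to sign what
// it constructs; decoding the calldata and comparing the spender/recipient with
// the dApp's legitimately used contracts gives the user a chance to catch a
// diverted approval or transfer. Allowlist and sample data below are constructed.

// Standard ERC-20 function selectors (first 4 bytes of keccak256 of the signature).
const SELECTORS = {
  '095ea7b3': 'approve',   // approve(address spender, uint256 amount)
  'a9059cbb': 'transfer',  // transfer(address to, uint256 amount)
};

const UINT256_MAX = (1n << 256n) - 1n;

// A 32-byte ABI word holds an address in its last 20 bytes, or a big-endian uint256.
function wordToAddress(word) { return '0x' + word.slice(24).toLowerCase(); }
function wordToUint(word) { return BigInt('0x' + word); }

// Returns {fn, counterparty, amount} for approve/transfer calldata, else null.
function decodeErc20Call(data) {
  const hex = (data || '0x').startsWith('0x') ? data.slice(2) : data;
  if (hex.length < 8 + 64 + 64) return null;
  const fn = SELECTORS[hex.slice(0, 8).toLowerCase()];
  if (!fn) return null;
  return {
    fn,
    counterparty: wordToAddress(hex.slice(8, 72)),
    amount: wordToUint(hex.slice(72, 136)),
  };
}

// trustedContracts: addresses the dApp legitimately interacts with (assumed allowlist).
function screenTransaction(tx, trustedContracts) {
  const trusted = new Set(trustedContracts.map(a => a.toLowerCase()));
  const call = decodeErc20Call(tx.data);
  const findings = [];
  if (!call) return { decision: 'allow', call: null, findings }; // not approve/transfer
  if (!trusted.has(call.counterparty)) {
    findings.push(`${call.fn} targets unknown address ${call.counterparty}`);
  }
  if (call.fn === 'approve' && call.amount === UINT256_MAX) {
    findings.push('unlimited approval requested');
  }
  return { decision: findings.length ? 'block' : 'allow', call, findings };
}

// Helper to build constructed sample calldata for the demonstration below.
function buildCalldata(selector, address, amount) {
  return '0x' + selector
    + address.slice(2).toLowerCase().padStart(64, '0')
    + amount.toString(16).padStart(64, '0');
}

// Constructed sample addresses: one contract the dApp really uses, one it does not.
const TRUSTED_VAULT = '0x' + '11'.repeat(20);
const UNKNOWN_ADDR  = '0x' + 'ab'.repeat(20);
const ALLOWLIST = [TRUSTED_VAULT];

// A legitimate deposit approval versus an injected unlimited approval to a stranger.
const legitTx = { data: buildCalldata('095ea7b3', TRUSTED_VAULT, 1000n) };
const injectedTx = { data: buildCalldata('095ea7b3', UNKNOWN_ADDR, UINT256_MAX) };

console.log(screenTransaction(legitTx, ALLOWLIST).decision);    // allow
console.log(screenTransaction(injectedTx, ALLOWLIST).findings); // two findings
```

The point of the allowlist is that it lives in the wallet or a browser extension, outside the page the attacker controls; a check implemented inside the same compromised front-end could simply be removed by the injected script. Pairing this with Subresource Integrity and a strict Content-Security-Policy on the site itself reduces the chance the script is injected in the first place.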
Sources:
The Verge, BadgerDAO @ Twitter, Peckshield @ Twitter
34 Comments on BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
Enjoy your 50PLN loaf of bread in Q3 2022. Ah, the joy of fiat funnymoney.
And don't even mention inflation when BTC can jump 10% within a day.
Cryptocurrencies tend to be deflationary, fiat is always inflationary
"I'm going crypto to free me from government shackles and avoid paying taxes!"
Then one day, crypto is stolen.
"Government, please help me!"
To be fair the government fails to protect most people from regular financial scams, so I don't expect anything from them.
BTC has a capped supply, it is a deflationary asset; ETH has a predictable supply. ETH is much more than a currency/store of value.
The USD is an inflationary asset on the verge of hyperinflation. If the USD was a cryptocurrency, it would be the biggest shit coin of them all. It's tied to NOTHING, literally nothing - it is literally monopoly money.
The money system is so complex that even experts do not understand it. And it's designed that way for that reason. We have financial experts studying for years, being trained to play the "money game", but they aren't taught what money actually is. But with the out-of-control inflation devaluing people's savings & one money scandal after another (the cherry on the cake was the CumEx trading scheme, where they stole more than 60 billion of taxpayer money), more people start asking questions.
Our financial system is doomed anyway. If our central banks didn't flood the market with cash created out of thin air, the system would have collapsed decades ago. And since it's designed to be globally interconnected, there is no government able to change anything without getting isolated from the global market. Or if they try, their country will get bombed to ashes, see Muammar al-Gaddafi.
Cryptocurrencies could be a way out, but they also have a lot of flaws. Huge energy waste, Bitcoin exchanges aren't as safe as bank transfers yet, you cannot sustain the social system etc. without taxing somehow, Bitcoins get lost day by day, and Bitcoin has no stable course. Just a tweet from Elon Musk creates market-shaking turbulence. And not to forget that Bitcoin is mostly used for money laundering & illegal activities.
And we don't even know who programmed Bitcoin. There are so many names thrown around, but it could be anyone. Whoever did it is now most likely the richest dude on the planet, so rich that Jeff Bezos would be his boot licker. Heck, I wouldn't even be surprised if Bitcoin was programmed by the NSA so they can stock up cash for their black budget for illegal activities. Way less risk & way more profits than the Barry Seal operation. And no traces.
Remind me (other than thin air) what the USD is tied to again? Roughly 3% of BTC transactions are estimated to be used for illegal activity. BTC is terrible for illegal transactions as it has a public ledger. Monero might be a different story.
The real criminals are the banks. JP Morgan Chase alone: violationtracker.goodjobsfirst.org/parent/jpmorgan-chase