$120 million in cryptocurrency stolen |
The crypto wallets of dozens of Badger DAO protocol users have been bypassed with malicious contract permissions. Badger DAO focuses on introducing Bitcoin into decentralized finance.
According to blockchain security and data analytics firm Peckshield, the company is partnering with Badger DAO to investigate the theft, and the value of the tokens stolen in the attack is estimated to be around $120 million. It includes 2,100 Bitcoin and 151 Ethereum.
During the investigation, members of Badger's DAO team advised users that they believed the problem was caused by someone pasting malicious text into the Badger.com user interface, rather than the basic convention.
For any user interacting with the site while the script is active, it intercepts the Web3 transaction and inserts a request to move the victim's token to the address chosen by the attacker.
Due to the transparency of the transaction, it is possible to see what happened once the attacker committed the theft. PeckShield reported that a single transaction removed over $50 million of 896 bitcoins from the attacker's wallet.
According to the team, the malware appeared on November 10, and attackers ran it at seemingly random intervals to avoid detection.
Decentralized financial systems or DeFi systems rely on blockchain technology to enable holders of cryptocurrency to conduct typical financing transactions, such as b- earning interest through loans.
The Badger DAO protocol enables Bitcoin holders to connect their cryptocurrency to the Ethereum platform via their tokens and take advantage of DeFi opportunities that they may not otherwise be able to access.
Once Badger DAO becomes aware of unauthorized transfers, all smart contracts will be suspended. This basically caused his rig to freeze. Users are advised to refuse all transactions at the attacker's address.
Cryptocurrency theft continues
The company said it has hired data expert Chainalysis to investigate the full scope of the incident. US and Canadian authorities have been notified. The Company fully cooperates with external investigations while pursuing its own investigations.
Badger DAO explores how to access Cloudflare using an API key. This should be protected by two-factor authentication.
Although this attack did not reveal the specific shortcomings of the blockchain technology itself. It can take advantage of legacy Web 2.0 technology that most users have to use for transactions.
The multi-factor authentication system protects the account from various phishing schemes. However, experts warn that it can be circumvented through targeted phishing attacks. These tools have been able to automate the process for many years.
A 2019 FBI report found that criminals are increasingly able to bypass multifactor authentication. He suggested making changes or training to increase the difficulty of such attacks.