BadgerDAO reportedly suffered a security breach and lost USD 10 million
The BadgerDAO decentralized finance (DeFi) protocol appears to have suffered a cyber attack, and had reportedly lost $10 million at the time of writing.
The attack was made public at around 2 a.m. UTC on December 2, targeting the protocol on the Ethereum network with the contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107.
For reference only, the malicious front-end attack on Badger looks like using rug to approve the withdrawal of about 10m from people’s wallets. If you have interacted with anything badger-related in the past few weeks, please check and revoke it as soon as possible https://t.co/vJPMmBZ3af
-Speak (@speechaway) December 2, 2021
Users who have interacted with this contract are urged to revoke their wallet permissions.
To revoke access to the contract, please visit Etherscan and log in with a wallet that you think may be exposed. Although this attack occurred only recently, the approval for the contract may have been granted a few weeks ago.
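The check described above can also be run offline against exported event logs. The following is an added example, not code from BadgerDAO or the original article: it replays ERC-20 `Approval` logs to find allowances still open to the address quoted above and builds the `approve(spender, 0)` calldata that revokes one. It assumes that address is the approved spender; the sample logs and the token and owner addresses are constructed.

```python
# Added example (not from the article): list ERC-20 approvals still open to a flagged spender.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
APPROVE_SELECTOR = "095ea7b3"  # selector of approve(address,uint256)
FLAGGED = "0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107"  # from the article; assumed to be the spender

def topic_to_addr(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def addr_to_topic(addr):
    """Left-pad a 20-byte address to a 32-byte word."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def live_approvals(logs, spender=FLAGGED):
    """Replay logs in chain order; return {(token, owner): amount} still non-zero."""
    state = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        t = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 Approval shares topic0 but has 4.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_addr(t[2]) != spender.lower():
            continue
        key = (log["address"].lower(), topic_to_addr(t[1]))
        state[key] = int(log["data"][2:] or "0", 16)  # a later approve(…, 0) overwrites
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender=FLAGGED):
    """Calldata for approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + addr_to_topic(spender)[2:] + "0" * 64

# Constructed sample logs in eth_getLogs shape; all four addresses are placeholders.
TOKEN, ALICE, BOB, OTHER = ("0x" + c * 40 for c in "a12c")
MAX = "0x" + "f" * 64  # "unlimited" allowance

def mk(block, idx, owner, spender, value):
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(idx), "data": value,
            "topics": [APPROVAL_TOPIC, addr_to_topic(owner), addr_to_topic(spender)]}

SAMPLE_LOGS = [
    mk(18, 1, BOB, FLAGGED, "0x" + "0" * 64),  # Bob revokes later
    mk(16, 0, ALICE, FLAGGED, MAX),            # Alice's approval is still open
    mk(17, 0, BOB, FLAGGED, MAX),
    mk(18, 0, ALICE, OTHER, MAX),              # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner), amount in live_approvals(SAMPLE_LOGS).items():
        print(owner, "should send to", token, revoke_calldata())
```

Logs show only the last approved amount, because many tokens emit no `Approval` event when `transferFrom` spends an allowance; confirm with the token's `allowance(owner, spender)` before and after revoking.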
The total unconfirmed loss was approximately US$10.6 million.
The BadgerDAO team has not confirmed the vulnerability, but in a tweet at 4:30 AM UTC it confirmed that it had received reports of a problem. All smart contracts on BadgerDAO have been suspended to prevent more potentially malicious withdrawals.
Badger has received reports of unauthorized withdrawal of user funds.
When Badger engineers investigated this, all smart contracts were suspended to prevent further withdrawals.
Our investigation is ongoing and we will release more information as soon as possible.
— BadgerDAO (@BadgerDAO) December 2, 2021
Early reports stated that some users received abnormal spend requests from the smart contract on the protocol. It is suspected that these requests were an attack delivered through the front end of the protocol.
Some people have revised the suspected loss to more than 100 million U.S. dollars, and one user allegedly lost $90 million.
On Badger’s official Discord server, core contributor Tritium wrote: “It looks like a bunch of users have set approval for the vulnerability address, allowing it to use their vault funds to operate, and then it was exploited.”
At the time of writing, BADGER is down 15% to $22.71, according to CoinGecko.