[TheRecord] Hackers steal $120 million from Badger DeFi platform

Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.

Badger has confirmed the hack in a statement published on Twitter earlier today, freezing its platform while staff investigates the breach.

Blockchain analysis firm PeckShield, which was the first to notice the heist, claims the hackers managed to steal more than 2,100 Bitcoin and 151 Ether from Badger user accounts before the company shut down its systems. The sum was estimated at $120.3 million at the time of the heist, the security firm said on Twitter.

Here is the current whereabouts as well as the total loss: $120.3M (with ~2.1k BTC + 151 ETH) @BadgerDAO pic.twitter.com/fJ4hJcMWTq

— PeckShield Inc. (@peckshield) December 2, 2021

PeckShield said that one user alone lost more than 900 Bitcoin, roughly $50.5 million.

Cryptocurrency news outlets like Coinspeaker, CryptoBriefing, and CryptoSlate cited several users from Badger’s Discord channel who claimed that the attacker exploited a vulnerability in the platform’s user interface to gain access to user accounts and exfiltrate funds.

Badger, which has so far not returned requests for comment from The Record or any other news outlet, has not confirmed these theories.

Attacks on cryptocurrency platforms usually involve gaining access to an employee account or exploiting bugs in the platform’s trading protocols rather than the platform’s user interface.

The Badger incident currently ranks as the third-largest heist of a cryptocurrency platform this year, behind PolyNetwork and Cream Finance.

- PolyNetwork – $600 million
- Cream Finance – $130 million (October)
- Badger – $120 million
- Liquid – $94 million
- EasyFi – $81 million
- bZx – $55 million
- Uranium Finance – $50 million
- Cream Finance – $37 million (February)
- Alpha Homora – $37 million
- Vee Finance – $35 million
- Meerkat Finance – $31 million
- Spartan – $30 million
- Cream Finance – $29 million (August)
- pNetwork – $12 million
- Rari Capital – $11 million

The post Hackers steal $120 million from Badger DeFi platform appeared first on The Record by Recorded Future.
