Badger DAO, a decentralized autonomous organization (DAO) that enables bitcoin (BTC) to be used as collateral across decentralized finance (DeFi) applications, has fallen victim to an exploit. 

It was originally speculated that the project had lost over USD 10m worth of cryptoassets. However, Etherscan transactions suggest that one of the affected users has lost around 897 WBTC (wrapped BTC) (USD 51m), implying that the hack is much bigger than initially thought.

Furthermore, Etherscan transactions show that the hacker has taken 1,085 WBTC, 136,000 cvxCRV (Convex CRV), 64,000 veCVX, and other forms of vaulted and synthetic cryptoassets from users' wallets – pushing the amount stolen over USD 62m.

The Badger team has confirmed the hack, saying that they have “received reports of unauthorized withdrawals” of user funds, and that smart contracts have been paused to stop withdrawals.

Meanwhile, some users speculate that the attacker has been “sneaking in approvals in between legit deposit and reward transactions,” stealing funds for approximately 12 days, adding that it could be a so-called rug pull, when developers abandon a project and run away with investors’ funds.

However, Badger core contributor Tritium said on Discord that some users might have approved the exploit address to operate on their vault funds. “It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds and that was exploited,” Tritium said.

“Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are,” Tritium added.

Source: Cryptonews
