Badger’s Decentralized Autonomous Organization (DAO) attacked via an exploit in a smart contract. Moreover, only one user lost 896 BTC ($ 51 million).
reported on Twitter that on December 2, a hacker attacked the Ethereum protocol via the smart contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107. As a result of the cyber attack, users lost $ 10.6 million in cryptocurrencies. In the comments to the developers’ message, information appeared that only one of the users lost 896 BTC (about $ 51 million). In general, more than $ 60 million worth of cryptocurrencies were stolen from the decentralized financial platform, but the final figure may turn out to be even higher.
Badger strongly recommends that users who have used the above smart contract revoke their permission to interact with this contract with a cryptocurrency wallet. To do this, you need to enter the wallet, which can be compromised, and prohibit it from interacting with the smart contract.
The site draws attention to the fact that although the attack took place quite recently, the permission for the smart contract could have been signed a few weeks ago. Initially, Badger did not confirm the presence of the exploit. However, at 9:30 am ET, she agreed to the problem in her contract.
All Badger smart contracts have been suspended to prevent further exploitation of the vulnerability. In early posts, Badger users reported receiving unusual spending requests from smart contracts. It is assumed that these requests were an attack through the front-end of the protocol.
This week, the MonoX project lost $ 31 million in cryptocurrencies due to a cyberattack. The hacker exploited a vulnerability in the project’s swap contracts, raised the price of the MONO token, and then bought and withdrawn WETH and MATIC tokens. Last month, hackers stole $ 55 million worth of cryptocurrencies from the DeFi bZx project. The attacker used private keys to manage contracts on the Polygon and Binance Smart Chain networks. This year has been a real test for the security systems of DeFi applications. In ten months of 2021, hackers removed $ 680 million from decentralized finance projects during 70 attacks.