- An exploit that may have attacked the yield vault protocol’s front end has been discovered.
- The maximum amount a user lost is over 900 BTC, or approximately 50 million dollars. Here’s the transfer-out transaction.
The BadgerDAO yield vault technology, a mainstay of decentralized finance (DeFi), has been hacked, resulting in the theft of $10 million in various cryptocurrencies, with a single user losing 896 BTC worth $50 million.
At 9 p.m. EST on Wednesday, users in the protocol’s Discord first reported possible issues.
According to community speculation, the attack was caused by an exploit in the Badger.com user interface rather than in the underlying protocol contracts. Many impacted users allege that their wallet providers prompted them for additional permissions while they were claiming yield farming rewards and interacting with Badger vaults.
“It appears that a group of users had approvals set for the exploit address, allowing [the address] to act on their vault funds, which was abused,” Badger core contributor Tritium posted on Discord.
“Once we realized what was going on, we froze all the vaults so nothing could move,” he explained. “We’re trying to figure out where the approvals came from, how many people have them, and what the next steps are.”
The exploit was also confirmed on Twitter by the team.
By the time of publication, a Badger spokesman had not responded to a request for comment.
According to witnesses, the hacker took 185 WBTC, 136,000 cvxCRV, 64,000 veCVX, and various types of vaulted and synthetic bitcoin valued at over $10 million from the affected wallets. However, in a more recent tweet by PeckShield, a transaction shows the hacker getting away with 896 BTC or approximately 900 USD. While the majority of the money was stolen on Wednesday night, the malicious authorization requests could have been issued weeks before the incident.
Although the contracts have been suspended, community members advise depositors to use tools like Debank and Unrekt to revoke the authorization they granted to the malicious contract.
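As an added illustration (not code from BadgerDAO or from this article), the sketch below decodes the calldata of a pending transaction and warns when it grants a token allowance to a spender the user does not expect. It assumes the approvals were standard ERC-20 `approve(address,uint256)` calls, which the article does not confirm; the allowlist and addresses are constructed.

```python
# Added example: review a pending transaction's calldata for risky ERC-20 approvals.
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1

# Constructed allowlist: spender contracts the user actually intends to authorize.
KNOWN_SPENDERS = {"0x" + "11" * 20}


def decode_approve(calldata):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two 32-byte ABI words = 136 hex characters
    if len(data) != 136 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    try:
        int(spender_word, 16)
        amount = int(amount_word, 16)
    except ValueError:
        return None  # not valid hex
    # An address occupies the low 20 bytes of its word; the top 12 must be zero.
    if spender_word[:24] != "0" * 24:
        return None
    return "0x" + spender_word[24:], amount


def review_approval(calldata, known_spenders=KNOWN_SPENDERS):
    """Return a list of warnings to show the user before they sign."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return []
    spender, amount = decoded
    if amount == 0:
        return []  # approve(spender, 0) clears an existing allowance
    warnings = []
    if spender not in known_spenders:
        warnings.append("spender %s is not on the allowlist" % spender)
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    return warnings


# Constructed sample: unlimited approval to an address outside the allowlist.
SAMPLE_UNKNOWN = "0x" + APPROVE_SELECTOR + "00" * 12 + "ab" * 20 + "ff" * 32
```

Setting the amount to zero for the same spender is the call that revocation tools submit on the user's behalf.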
BadgerDAO’s BADGER token is currently trading at $24.80 per token, down 6.9% on the day.
This story is still unfolding, and the platform will soon release a post-mortem.