Badger DAO Appears to Have Lost Over USD 120M in an Attack

Badger DAO, a Decentralized Autonomous Organization (DAO) that allows Bitcoin (BTC) to be used as collateral in Decentralized Finance (DeFi) applications, has been the victim of an exploit.

The project was originally thought to have lost over $ 10 million in crypto assets. However, Etherescan’s transactions suggest that one of the affected users lost about 897 WBTC (packed BTC) ($ 51M), which means the hack is much more than originally thought.

In addition, Etherescan transactions show that the hacker took away WBTC 1085), 136,000 cvxCRV (Convex CRV), 64,000 veCVX and other forms of storage and synthetic cryptoassets from users’ wallets, resulting in over $ 62 million.

However, after further research, blockchain analytics and security company PeckShield claimed that the total loss resulting from this hack is a whopping $ 120.29 million. This includes a significant amount of Bitcoin and Ethereum: 2,100 BTC and 151 ETH, according to their calculations. The company also provided a list of addresses as the “current location” of the stolen funds.

Source: PeckShield Inc.

BadgerDAO does not deny or confirm this information at the time of writing. According to their latest updates, the investigation is ongoing.

“Badger has hired data forensics experts Chainalysis to investigate the full scale of the incident, and the US and Canadian authorities have been informed, and Badger is fully cooperating with external investigations as well as conducting its own.” said tweet.

Meanwhile, on the Some Twitter users, as well as Reddit users, one individual or entity that lost nearly 897 Badger WBTC worth $ 50.39 million to the exploiter was none other than the Celsius Network (CEL). The reason for the conclusion that “this address belongs to Celsius” is that “it interacted with other addresses that are known to be theirs.” Users continued to provide a list of addresses that were allegedly associated with Celsius and interacted with each other, but Redditor also stressed that this was just speculation. reached out to Celsius for comment.

On Thursday, the Badger team confirmed the hack, saying they had “received reports of unauthorized withdrawals” from users and that smart contracts were suspended to stop withdrawals.

Meanwhile, some users speculate that an attacker “sneaked in claims between legitimate deposit and reward transactions,” stealing funds for about 12 days, adding that it could be so-called “rug pulling” where developers abandon a project and flee. at the expense of investors.

However, a major contributor to Badger Tritium said on Discord that some users may have approved an exploit address to work with their repository assets. “It looks like a group of users have approved exploit addresses that allow [the address] to work with the funds of its repository, and this was used, ”said Tritium.

“As soon as we noticed that we froze all the vaults so that nothing could move, we are trying to figure out where the permits came from, how many people have them and what to do next,” added Tritium.