A blockchain security and data analytics Peckshield is working with Badger to investigate the matter. The team members of Badger believe the issue came from someone inserting a malicious script in the UI of the website. The users who connect with the website at the time when the script was active, it stop the Web3 transactions and requests to transfer the tokens to the address selected by the hackers.
Hackers Stole Bitcoins Worth $120 Million by Hacking DeFi Website
The data and security analytics company PeckShield claims that the total loss amount is around 2,100 BTC and 151 ETH. The users first reported the issues in the protocol’s channel on the Discord messaging app at 9 PM ET on Wednesday. Speculations were, the Badger.com user interface was hacked and not the core protocol contracts. Most of the affected users reported while claiming yield farming rewards. For now, the platform has paused all the online contracts to be safe. Badger is investigating how the attacker connected to Cloudflare using an API key that is protected by two-factor authentication. PeckShield notes, one transfer of 896 Bitcoin into the attacker’s pocket was worth more than $50 million. According to the reports, the malicious code appeared on November 10, and the attackers ran it randomly to avoid detection. Decentralized finance (or DeFi) is the latest to fall victim to hack. The system of DeFi depends on blockchain technology, it allows crypto owners to perform finance operations like earning interest. The company posted a tweet saying it has retained the data,
Badger has retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own. — ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021 Badger is investigating the matter as the attack didn’t reveal specific flaws in the Blockchain. The hackers have managed to use the old web 2.0 technology, which is used for transactions by most users. The experts have warned about targeted phishing attacks that can bypass it.