Hackers Exploit Smart Contracts to Steal Millions from BadgerDAO
Chris Grand
One of the best use cases for smart contracts is decentralized finance. The potential is evident, especially now that new financial instruments and services are available all around the world.
The majority of these projects are fairly new, and they incorporate cutting-edge features to stay relevant and competitive. Security is one of the primary difficulties affecting the DeFi business, and BadgerDAO has just become one of the latest victims of hackers.
However, not all is good. With new technology comes a high prevalence of exploits and faults. Top auditing firms are still looking for these flaws, but with millions of dollars on the line, plenty of hackers are working just as hard to ensure that they locate them first.
BadgerDAO was the subject of the most recent attack. BadgerDAO was built in September 2020 and received a lot of positive feedback.
Its Ethereum-based platform was created to meet the growing demand and need for Bitcoin-based DeFi applications on blockchain networks.
BadgerDAO had increased in popularity, and its products Sett Vaults and Digg, as well as the BADGER token, had been profitable. But on the 2nd of December, it was revealed that the platform had been heavily misused.
Someone had discovered a technique to perform unauthorized withdrawals on BadgerDAO’s platform, the company announced on Twitter. But unlike many DeFi hacks, this one wasn’t about manipulating token pricing or exploiting smart contract problems; instead, the flaw was caused by a weakness in the web service.
The hacker used Cloudflare to insert bogus API keys into the wallets of other users. The hacker was able to approve withdrawals because of this.
The BadgerDAO platform is unique in that it uses Bitcoin but is built on Ethereum, meaning that approvals are done through a website rather than using smart contracts.
Initially, BadgerDAO announced that it had lost $10m following the exploit. But later, third parties confirmed that BadgerDAO had lost huge sums to the tune of $115m. In fact, one individual lost $50m, as the hackers targeted some of the platform's large wallets.
BadgerDAO is among the few platforms covered by Nexus Mutual's insurance policy, but only on the condition that the user had agreed to use it. For now, nobody is sure whether Nexus Mutual will be able to compensate BadgerDAO. There are reports that only $14m of coverage had been purchased previously.
BADGER, BadgerDAO's token, plummeted significantly and currently stands at 22%. In the meantime, BadgerDAO has stopped all smart contract withdrawals until it figures out how to halt the exploit. As things stand, it will have to work extra hard to regain trust following this incident.