BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack

Raevenlord · Dec 3, 2021

BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web 3.0 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.

As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."

According to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions. As cryptocurrencies' mainstream attraction and adoption increases, so too will the upside of pulling of these hacking stunts; and so too are heists expected to increase in frequency - and scale.

View at TechPowerUp Main Site

Chomiq · Dec 3, 2021

Lol, as if authorities will do anything about it.

Caring1 · Dec 3, 2021

Hopefully the funds can be returned and the bad guys caught.

londiste · Dec 3, 2021

Chomiq said:
Lol, as if authorities will do anything about it.

Technically, are ETH/BTC anything like currency or financial instrument yet? If not, this would probably end up as civil case which is quite a lot less likely to go anywhere...

Vya Domus · Dec 3, 2021

Chomiq said:
Lol, as if authorities will do anything about it.

Even if they do it will probably go nowhere. Done right you can launder the money with zero chances of ever being traced again, then some time later, somewhere a "lucky" individual will sell an NFT for a couple of million and that will be the end of it.

Chomiq · Dec 3, 2021

londiste said:
Technically, are ETH/BTC anything like currency or financial instrument yet? If not, this would probably end up as civil case which is quite a lot less likely to go anywhere...

It's monopoly money.

R0H1T · Dec 3, 2021

londiste said:
Technically, are ETH/BTC anything like currency or financial instrument yet? If not, this would probably end up as civil case which is quite a lot less likely to go anywhere...

Probably anywhere except the US, in civil cases you can easily lose your proverbial pants.

InVasMani · Dec 3, 2021

Some hacker landed on boardwalk honey badger don't care...

TheUn4seen · Dec 3, 2021

Chomiq said:
It's monopoly money.

Your profile says you're from Poland. Hate to break it to you, PLN is more of a Monopoly money, even worse with very poor government management and highest inflation in something like two decades. As is all fiat money by definition, in Monopoly money is worth whatever the manufacturer says it is - and, at least, there is no crippling inflation -, fiat money is just silly papers worth whatever old farts in the government say it's worth. If the farts have dementia and get overwhelmed by greed you get your million Venezuelan Bolivar meal.
Enjoy your 50PLN loaf of bread in Q3 2022. Ah, the joy of fiat funnymoney.

Chomiq · Dec 3, 2021

TheUn4seen said:
Your profile says you're from Poland. Hate to break it to you, PLN is more of a Monopoly money, even worse with very poor government management and highest inflation in something like two decades. As is all fiat money by definition, in Monopoly money is worth whatever the manufacturer says it is - and, at least, there is no crippling inflation -, fiat money is just silly papers worth whatever old farts in the government say it's worth. If the farts have dementia and get overwhelmed by greed you get your million Venezuelan Bolivar meal.
Enjoy your 50PLN loaf of bread in Q3 2022. Ah, the joy of fiat funnymoney.

Please remind me what would be transaction fee if I wanted to buy a loaf of bread with bitcoin?
And don't even mention inflation when BTC can jump 10% within a day.

TheUn4seen · Dec 3, 2021

Chomiq said:
Please remind me what would be transaction fee if I wanted to buy a loaf of bread with bitcoin?
And don't even mention inflation when BTC can jump 10% within a day.

In the exchange I use total fees come to around 1.5% for Ethereum to fiat exchange. The thing is, with Ethereum I earned 12.76% in the last month just by having it in my wallet. With fiat, I lost almost half a percent to inflation.
Cryptocurrencies tend to be deflationary, fiat is always inflationary

InVasMani · Dec 3, 2021

Cryptocurrency gets exchanged for fiat currency. Really all it's doing is serving to collapse fiat currencies effectively. Who stands to gain from that I wonder!?

R0H1T · Dec 3, 2021

TheUn4seen said:
With fiat, I lost almost half a percent to inflation.

Except none of the "crypto currencies" are comparable to regular fiat, even if they claim otherwise! You could easily get much higher returns if you invested in certain (good) stocks & the chances of that company going kaput are negligible as compared to anything crypto including BTC.

holyprof · Dec 3, 2021

As someone wise posted on a forum I've read:
"I'm going crypto to free me from government shackles and avoid paying taxes!"
Then one day, crypto is stolen.
"Government, please help me!"

noel_fs · Dec 3, 2021

TheUn4seen said:
In the exchange I use total fees come to around 1.5% for Ethereum to fiat exchange. The thing is, with Ethereum I earned 12.76% in the last month just by having it in my wallet. With fiat, I lost almost half a percent to inflation.
Cryptocurrencies tend to be deflationary, fiat is always inflationary

you might as well lose 50% tomorrow, some people really dont understand how most crypto work.

Yraggul666 · Dec 3, 2021

This demands celebration, i'll have vodka tonic tonight. Cheers!

mashie · Dec 3, 2021

Ah well, nothing of value was lost.

Vya Domus · Dec 3, 2021

holyprof said:
As someone wise posted on a forum I've read:
"I'm going crypto to free me from government shackles and avoid paying taxes!"
Then one day, crypto is stolen.
"Government, please help me!"

Technically crypto itself is pretty safe and can't really be stolen easily, it's these layers built on top of them that are the weak spot.

To be fair the government fails to protect most people from regular financial scams, so I don't expect anything from them.

demian_vi · Dec 3, 2021

TheUn4seen said:
Your profile says you're from Poland. Hate to break it to you, PLN is more of a Monopoly money, even worse with very poor government management and highest inflation in something like two decades. As is all fiat money by definition, in Monopoly money is worth whatever the manufacturer says it is - and, at least, there is no crippling inflation -, fiat money is just silly papers worth whatever old farts in the government say it's worth. If the farts have dementia and get overwhelmed by greed you get your million Venezuelan Bolivar meal.
Enjoy your 50PLN loaf of bread in Q3 2022. Ah, the joy of fiat funnymoney.

so much passion defending monopoly money over PLN wccftech is looking for you

Wirko · Dec 3, 2021

Chomiq said:
Please remind me what would be transaction fee if I wanted to buy a loaf of bread with bitcoin?
And don't even mention inflation when BTC can jump 10% within a day.

♛ Keep calm and buy on dips, then sell on rallies. It's so easy.

b4psm4m · Dec 3, 2021

Chomiq said:
It's monopoly money.

Could be worse, could be the USD - the US is 2 weeks from hitting its debt ceiling, this dance between the political parties will be resolved before that no doubt, but it doesn't change the fact that the currency is not the rock of stability it once was. 25% of all USD was printed in 2020. Chase bank is offering < 0.1% interest.

BTC has a capped supply, it is a deflationary asset; ETH has a predictable supply. ETH is much more than a currency/store of value.

The USD is an inflationary asset on the verge of hyperinflation. If the USD was a cryptocurrency, it would be the biggest shit coin of them all. It's tied to NOTHING, literally nothing - it is literally monopoly money.

timta2 · Dec 4, 2021

b4psm4m said:
Could be worse, could be the USD - the US is 2 weeks from hitting its debt ceiling, this dance between the political parties will be resolved before that no doubt, but it doesn't change the fact that the currency is not the rock of stability it once was. 25% of all USD was printed in 2020. Chase bank is offering < 0.1% interest.

BTC has a capped supply, it is a deflationary asset; ETH has a predictable supply. ETH is much more than a currency/store of value.

The USD is an inflationary asset on the verge of hyperinflation. If the USD was a cryptocurrency, it would be the biggest shit coin of them all. It's tied to NOTHING, literally nothing - it is literally monopoly money.

Keep telling yourself that, as long as it makes you feel better. We know who's going to have the last laugh, when that scam collapses.

R0H1T · Dec 4, 2021

Vya Domus said:
Technically crypto itself is pretty safe and can't really be stolen easily, it's these layers built on top of them that are the weak spot.

So is cash i.e. fiat, safer than any thing else you might argue.

MarsM4N · Dec 5, 2021

TheUn4seen said:
Your profile says you're from Poland. Hate to break it to you, PLN is more of a Monopoly money, even worse with very poor government management and highest inflation in something like two decades. As is all fiat money by definition, in Monopoly money is worth whatever the manufacturer says it is - and, at least, there is no crippling inflation -, fiat money is just silly papers worth whatever old farts in the government say it's worth. If the farts have dementia and get overwhelmed by greed you get your million Venezuelan Bolivar meal.
Enjoy your 50PLN loaf of bread in Q3 2022. Ah, the joy of fiat funnymoney.

Exactly.

But you can not blame the average Joe for it.

The money system is so complex that even experts do not understand it. And it's designed that way for that reason. We have financial experts studying for years, beeing trained to play the "money game", but they aren't teached what money actually is. But with the out of control inflation devaluating peoples savings & money scandals after another (cherry on the cake was the CumEx Trading Sheme, where they stole more than 60billion tax payer money), more people start asking questions.

Our financial system is doomed anyway. If our central banks wouldn't flood the market with cash created out of thin air, the system would have collapsed decades ago. And since it's designed to be globally interconnected, there is no governement able to change anything without getting isolated from the global market. Or if they try their country will get bombed to ashes, see Muammar al-Gaddafi.

Crypo currencies could be a way out, but it also has a lot of flaws. Huge energy waste, Bitcoin exchanges aren't as safe as bank transfers yet, you can not sustain the social system etc. without taxing somehow, Bitcoins get lost day by day, and Bitcoin has no stable course. Just a tweet from Elon Musk creates market shaking turbulences. And not to forget that Bitcoin is mostly used for money laundering & illegal activities.

And we don't even know who programmed Bitcoin. There are so many names thrown around, but it could be anyone. Whoever did it is now most likely the richest dude on the planet, so rich that Jeff Bezos would be his boot licker. Heck, I wouldn't even be surprised if Bitcoin was programmed by the NSA so they can stock up cash for their black budget for illegal activities. Way less risk & way more profits than the Barry Seal operation. And no traces.

b4psm4m · Dec 5, 2021

timta2 said:
Keep telling yourself that, as long as it makes you feel better. We know who's going to have the last laugh, when that scam collapses.

Bitcoin has gone from < $1 to ~$50,000 in 12 years. In the same timeframe the USD has lost 30% of its buying power...nice. This has nothing to do with crypto - this is just a fact, the USD in your bank account likely earns less interest than the rate of inflation - so you're actually losing wealth as we speak.

Remind me (other than thin air) what the USD is tied to again?

MarsM4N said:
And not to forget that Bitcoin is mostly used for money laundering & illegal activities.

Roughly 3% of BTC transactions are estimated to be used for illegal activity. BTC is terrible for illegal transactions as it has a public ledger. Monero might be a different story.

The real criminals are the banks. JP Morgan Chase alone: https://violationtracker.goodjobsfirst.org/parent/jpmorgan-chase

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	Ryzen 7 5800X3D
Motherboard	Gigabyte X570 Aorus Elite
Cooling	Thermalright Phantom Spirit 120 SE
Memory	2x16 GB Crucial Ballistix 3600 CL16 Rev E @ 3600 CL14
Video Card(s)	RTX3080 Ti FE
Storage	SX8200 Pro 1 TB, Plextor M6Pro 256 GB, WD Blue 2TB
Display(s)	LG 34GN850P-B
Case	SilverStone Primera PM01 RGB
Audio Device(s)	SoundBlaster G6 \| Fidelio X2 \| Sennheiser 6XX
Power Supply	SeaSonic Focus Plus Gold 750W
Mouse	Endgame Gear XM1R
Keyboard	Wooting Two HE

System Name	H7 Flow 2024
Processor	AMD 5800X3D
Motherboard	Asus X570 Tough Gaming
Cooling	Custom liquid
Memory	32 GB DDR4
Video Card(s)	Intel ARC A750
Storage	Crucial P5 Plus 2TB.
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Eweadn Mechanical
Software	W11 Pro 64 bit

Processor	Ryzen 7800X3D
Motherboard	ROG STRIX B650E-F GAMING WIFI
Memory	2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s)	INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage	2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s)	42" LG C2 OLED, 27" ASUS PG279Q
Case	Thermaltake Core P5
Power Supply	Fractal Design Ion+ Platinum 760W
Mouse	Corsair Dark Core RGB Pro SE
Keyboard	Corsair K100 RGB
VR HMD	HTC Vive Cosmos

System Name	Good enough
Processor	AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard	ASRock B650 Pro RS
Cooling	2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory	32GB - FURY Beast RGB 5600 Mhz
Video Card(s)	Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage	1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s)	LG UltraGear 32GN650-B + 4K Samsung TV
Case	Phanteks NV7
Power Supply	GPS-750C

Processor	9600k
Motherboard	MSI Z390I Gaming EDGE AC
Cooling	Scythe Mugen 5
Memory	32GB of G.Skill Ripjaws V 3600MHz CL16
Video Card(s)	MSI 3080 Ventus OC
Storage	2x Intel 660p 1TB
Display(s)	Acer CG437KP
Case	Streacom BC1 mini
Audio Device(s)	Topping MX3
Power Supply	Corsair RM750
Mouse	R.A.T. DWS
Keyboard	HAVIT KB487L / AKKO 3098 / Logitech G19
VR HMD	HTC Vive
Benchmark Scores	What's a "benchmark"?

System Name	Dreamstation2
Processor	Ryzen 7 3700X
Motherboard	MSI X470 Gaming Plus
Cooling	Hyper 212 Black Edition
Memory	Kingston HyperX 32GB DDR4 3200 CL16
Video Card(s)	Aorus 2080 Ti Turbo (sounds like a vaccum cleaner at full load)
Storage	2 x 1TB M.2 NVME + 1TB 2.5" SSD
Display(s)	Samsung Odyssey G7 32" 4k
Case	NZXT H500i
Audio Device(s)	Asus Xonar U3 / Audio-Technica ATH-M50x / Edifier R1855DB
Power Supply	Corsair TX650M
Mouse	Corsair Scimitar Pro RGB
Keyboard	Cooler Master Masterkeys Lite L

Processor	Ryzen 5700X
Motherboard	Gigabyte B550 Arous Elite V2
Cooling	Thermalright PA120
Memory	Kingston FURY Renegade 3600Mhz @ 3733 tight timings
Video Card(s)	Sapphire Pulse RX 6800
Storage	36TB
Display(s)	Samsung QN90A
Case	be quiet! Dark Base Pro 900
Audio Device(s)	Khadas Tone Pro 2, HD660s, KSC75, JBL 305 MK1
Power Supply	Coolermaster V850 Gold V2
Mouse	Roccat Burst Pro
Keyboard	Dogshit with Otemu Brown
Software	W10 LTSC 2021

System Name	HELL->o!
Processor	Ryzen 7 5800X3D
Motherboard	MSI MEG X570S Ace Max
Cooling	BeQuiet! Pure Loop 2 FX 280
Memory	2x16GB G.Skill RipjawsV 3600CL14 [14-14-14-34]@1.456V
Video Card(s)	6800 XT Red Devil
Storage	4x M.2; 3x Sata SSD
Display(s)	MSI Optix MAG274QRF-QD & MSI MP251
Case	BeQuiet! Dark Base PRO 901
Audio Device(s)	JBL 4305p & JBL 4329p \| EPOS H3PRO Hybrid
Power Supply	Seasonic Prime TX-1000
Mouse	ReDragon M711 FPS
Keyboard	ReDragon Broadsword
Software	Win10 Pro 64
Benchmark Scores	Nope

System Name	IONE
Processor	AMD Ryzen 9 5900X
Motherboard	ASUS STRIX B550-A Gaming
Cooling	Noctua NH-U12S SE-AM4
Memory	128GB (4x32GB) Corsair DDR4 Vengeance LPX Black, PC4-25600 (3200), CMK128GX4M4E3200C16
Video Card(s)	PNY GeForce RTX 3080 12GB
Storage	Samsung 980 1TB NVMe (system), Lexar NM790 4TB NVMe (temp), 16x Seagate IronWolf 10TB RAID6
Display(s)	Dell UP3017
Case	Lian-Li PC-777B
Audio Device(s)	Focal Alpha 65 Evo
Power Supply	Corsair AX1200
Mouse	Logitech M510
Keyboard	Keychron Q10, brass plate, Kailh Box Summer switches and PBT Cherry keycaps
Software	Xubuntu 24.04
Benchmark Scores	N/A

System Name	Odyssey
Processor	AMD Ryzen 7 3700x
Motherboard	MSI MEG X570 UNIFY
Cooling	EKWB EK-MLC Phoenix 240
Memory	Crucial Ballistix Sport AT 3200MHz 32GB
Video Card(s)	Sapphire Pulse RX 5700XT 8 GB
Storage	ADATA XPG SX8200 Pro 1TBx2
Display(s)	LG 32GK850F-B
Case	Phanteks Enthoo Pro M Tempered Glass
Power Supply	SeaSonic PRIME 650W Gold

Processor	i5-6600K
Motherboard	Asus Z170A
Cooling	some cheap Cooler Master Hyper 103 or similar
Memory	16GB DDR4-2400
Video Card(s)	IGP
Storage	Samsung 850 EVO 250GB
Display(s)	2x Oldell 24" 1920x1200
Case	Bitfenix Nova white windowless non-mesh
Audio Device(s)	E-mu 1212m PCI
Power Supply	Seasonic G-360
Mouse	Logitech Marble trackball, never had a mouse
Keyboard	Key Tronic KT2000, no Win key because 1994
Software	Oldwin

Processor	i7-3770K
Motherboard	Biostar Hi-Fi Z77
Cooling	Swiftech H20 (w/Custom External Rad Enclosure)
Memory	16GB DDR3-2400Mhz
Video Card(s)	Alienware GTX 1070
Storage	1TB Samsung 850 EVO
Display(s)	32" LG 1440p
Case	Cooler Master 690 (w/Mods)
Audio Device(s)	Creative X-Fi Titanium
Power Supply	Corsair 750-TX
Mouse	Logitech G5
Keyboard	G. Skill Mechanical
Software	Windows 10 (X64)

System Name	✨ Lenovo M75q-1 [Tiny]
Cooling	⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO²
Display(s)	DELL S2722DGM
Audio Device(s)	◐◑ AKG K702 ⌬ FiiO E10K Olympus 2
Mouse	✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura
Keyboard	⌨ Turtle Beach Impact 500
Software	Windows 11 Pro (Debloated)

BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack

News Editor