Badger suffered a hacker attack this past Wednesday (1), with an estimate that its decentralized finance (DeFi) users had around $120,3 million from various cryptocurrencies stolen.
The first users reported problems at 23:XNUMX GMT yesterday. It has since been speculated on in community channels that the hacker attack was triggered by exploiting the Badger.com UI rather than the main protocol contracts.
Many affected users also reported that while claiming lost money and reporting the losses to Badger's finance department, they noticed that their wallet providers were making false requests for permits.
The data analytics and security company blockchain, PeckShield, estimates that of the $120,3 million stolen in the hack attack, 2.100 were in Bitcoin cryptocurrencies, while 151 were Ethereum.
Badger has received reports of withdrawal unauthorized of user funds.
Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.
Our investigation is ongoing and we will release further information as soon as possible.
— adgerDAO (@BadgerDAO) December 2, 2021
Through Discord, Badger's main contributor, Trittium talked about the situation. “It seems like a lot of users have had approvals set to tapped into their accounts allowing transactions in their bank funds. As soon as we noticed, we stopped all operations so that nothing was transferred and we are trying to find out where the approvals came from, how many people have them and what the next steps are”, he explained.
Through Twitter, Badger also made a statement. “Badger has received reports of unauthorized withdrawals of funds from users. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release more information as soon as possible,” he said.
Although contracts are paralyzed, users still point out that movements are taking place through tools such as bank e unrekt to access and revoke the bans on access permissions to contracts, according to Coindesk.