Badger DAO DeFi protocol hacked; token falls about 20%

Users of the Badger DAO DeFi protocol reported unauthorized withdrawals. The estimated damage from the breach could exceed $100 million.

The project team paused all smart contracts and launched an investigation.

The breach is believed to have resulted from an exploit in the user interface. Some protocol clients noticed requests for approvals to additional addresses for withdrawals.

“It seems that some users had approvals set for the exploit address, enabling it to operate their funds in the vaults, which was used,” wrote on Discord by one of the community’s leading members under the handle Tritium.

He also said that the attack lasted from November 11. Users confirmed that assets were sent to the exploit address more than 10 days earlier.

However, the majority of the funds were withdrawn on December 1.

Initially, the damage was around $10 million. PeckShield’s analysts compiled their own list of assets stolen by the hacker. Commentators noted that the total exceeds $100 million.

PeckShield noted that one of the most affected users lost almost 897 BTC (~$51 million).

According to the Badger DAO site, the value of funds blocked in the protocol stands at $1.2 billion, and the treasury exceeds $240 million. According to the service Zapper, the latter figure does not reach $62 million.

At the time of writing, the governance token BADGER’s price had fallen from around $28 to about $22.50 — roughly 20%.

Earlier, on November 30, a hacker drained MonoX of crypto assets valued at $31 million. Commenting on the incident, The Block analyst Igor Igamberdiev wrote that this was becoming ‘a little boring’.