“The DeFi platform BadgerDAO, which was hacked earlier this month, has revealed how the attacker used an application platform running on BadgerDAO as an attack vector, resulting in a loss of $120 million. The company has patched the vulnerabilities and has hired two blockchain analysis and cybersecurity firms to recover as much as possible from the attacker.”
BadgerDAO, a DeFi platform, was attacked on December 2 in a phishing attack caused by a “maliciously injected snippet” from the Cloudflare application platform that runs on BadgerDAO’s cloud network. The company claimed that the hacker used a vulnerability in the Cloudflare API as an attack vector and transferred $130 million from Badger’s account. Of this amount, $9 million was recovered, as it had been transferred but not debited from Badger’s account.
The company revealed that the attacker compromised an API key that had been created without the knowledge of engineers at BadgerDAO, and used the compromised key to inject malicious code that affected a subset of the company’s customers.
BadgerDAO has now patched the vulnerabilities in the Cloudflare application platform and reset the credentials of all the APIs on the platform to ensure that no further risk remains. The company has also hired Chainalysis (a blockchain analysis firm) and Mandiant (a cybersecurity firm) to help recover as much of the funds as possible, with the help of authorities in the US and Canada.