DeFi Project BadgerDAO Loses $120 Million in an Alleged Front-End Attack

Bitcoin-focused DeFi project, BadgerDAO, has recently been exploited, with estimated losses mounting up to over 2,000 BTC, worth more than $120 million, according to data from industry-leading blockchain security firm, Peckshield.

The attack, which is speculated to be a front-end attack, where hackers allegedly accessed the front end of the BadgerDAO website and intercepted users’ transactions from there.

In a tweet, BadgerDAO said,

“Badger has received reports of unauthorized withdrawals of user funds. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals”

In line with the speculation on hand, several affected users had reportedly claimed that they noticed false requests for additional permission from their wallet providers while they were claiming their yield on the platform.

One of the worst-hit victims of the attack was a user who lost about 900 BTC worth more than $50 million. Another user also lost $5 million worth of crypto assets in the attack.

Among the assets stolen in the attack were Wrapped Bitcoin (WBTC), Convex Finance (CVX), and many forms of vaulted and synthetic bitcoin, which makes it difficult to track the total amount of funds stolen in the attack since those assets can be redeemed for other tokens.

BadgerDAO is a platform that allows bitcoin holders to earn yield on their assets. It provides a bridge into smart contract platforms like Ethereum, where users can transfer their bitcoin in the form of wrapped bitcoin and use it to earn yield within DeFi applications.

The protocol noted that it is still investigating the attack and will publish an update soon. However, the protocol’s native token, BADGER, is currently down by 16.9% following the attack.

A few hours after the news broke, Peckshield released an update on the case, specifying that the total losses had amounted to 2,100 BTC and 151 ETH valued at $120.3 million.

In another DeFi-related attack,  DeFi protocol MonoX lost $30 million to a smart contract bug yesterday.