EVGA

Hot!BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack

Author
rjohnson11
EVGA Forum Moderator
  • Total Posts : 92845
  • Reward points : 0
  • Joined: 2004/10/05 12:44:35
  • Location: Netherlands
  • Status: offline
  • Ribbons : 78
2021/12/03 00:24:37 (permalink)
https://www.techpowerup.com/289569/badgerdao-sees-usd-120-million-crypto-heist-via-cloudflare-hack
 
BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web3 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.

As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."
 
Acording to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions.
 
The poor security will probably open the door to lawsuits in my personal opinion. 
 
 

AMD Ryzen 9 5950X,  Corsair Mp600 Pro M.2, 128GB DDR4  Crosshair VIII Hero, RTX 3090ti FTW Ultra Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

#1

18 Replies Related Threads

    Hoggle
    EVGA Forum Moderator
    • Total Posts : 8765
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 03:03:54 (permalink)
    rjohnson11
    https://www.techpowerup.com/289569/badgerdao-sees-usd-120-million-crypto-heist-via-cloudflare-hack
     
    BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web3 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.

    As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."
     
    Acording to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions.
     
    The poor security will probably open the door to lawsuits in my personal opinion. 
     
     




    I would wonder if lawsuits would really work since I don't think the United States or Canada is really ready to say bitcoin has value until it's sold for cash. The fact that most countries treat bitcoin as a digital item the same as say buying an item in a game means it's hard to see the case really awarding the value of the bitcoin. The same problem happens with collectibles in which someone could have a rare comic that goes for $700 but it can be considered only worth the original face value legally until it's been apprised.

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
     
     
    #2
    Flint 1760
    Omnipotent Enthusiast
    • Total Posts : 8306
    • Reward points : 0
    • Joined: 2009/04/26 15:44:26
    • Status: offline
    • Ribbons : 42
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 04:19:45 (permalink)
    Cryptocurrency is just becoming another target and we will see increasing incidents.  This, and the other thefts, should be a huge warning call to any firm in the business.
     
    Somehow I don't think this one will end up with the miscreants getting job offers.
    post edited by Flint 1760 - 2021/12/03 04:35:23


    #3
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2212
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 9
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 04:26:59 (permalink)
    Another reason to stay away from cryptocurrency.  Amazing that this keeps happening.  But hey, you can track this stuff.  LLLLOOOOOLLLLLLL!  This stuff is made for criminals and no matter what anyone says, it is not secure nor is it traceable.  It is definitely every criminal’s currency for sure.
    post edited by Grey_Beard - 2021/12/03 12:00:04



    #4
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 20089
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 250
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 08:48:28 (permalink)
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
    #5
    nomoss
    FTW Member
    • Total Posts : 1558
    • Reward points : 0
    • Joined: 2009/04/04 19:45:27
    • Status: online
    • Ribbons : 7
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 08:56:57 (permalink)
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.

    Associates code:  9OYA1P1FRHQ3SGN
    Imgur    modsrigs:  Chemical X   RedWing   Utonium   TY for the +1s! 

    #6
    Miguell
    FTW Member
    • Total Posts : 1075
    • Reward points : 0
    • Joined: 2008/04/16 14:43:51
    • Location: Portugal
    • Status: offline
    • Ribbons : 0
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 09:24:30 (permalink)
    nomoss
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.


     
    you and me  both
    unfortunately people want easy money,. its and old human desire !
     
    crypto provides just that and it wont die .. as a matter of fact  i believe most of the people who lost big chuncks of their savings, will enter the crypto market again... as soon as they can..
     
    already saw a documentary about this.. and they admit that despite losing they would try again because....  its easy money!
     
    greed will beat the will to have a 9 to 5 job for 40 years any day...
     
     
    post edited by Miguell - 2021/12/03 14:40:53

    Case: Cooler Master Stacker 830
    Display: 32" AOC Q3279VWFD8 @2560x1440@75Hz
    Cpu: Intel Core i7-8700  [[ QuickCPU @maxPerf ]]
    Cpu Cooler: Cooler Master - MasterLiquid ML120L - RGB
    Mobo: Asus ROG Strix Z390-H Gaming
    Vga: GeForce GTX 1080 Ti  - [[ O'ced >> Gpu @2Ghz+ // Mem @6Ghz ]]
    Ram: 32GB DDR4  G.SKILL - RIPJAWS V @3200Mhz
    Sound: Hama uRage soundZbar 2.1 Unleashed  - (Optical)
    Storage: 500GB SSD M.2 A2000  NVMe  Kingston (OS) + 8TB (4+4) HDD X300 Toshiba (Data)
    Psu: SeaSonic M12 700W
    Os: W10 Pro 64Bit
    #7
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2212
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 9
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 12:01:42 (permalink)
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.



    #8
    kram36
    The Destroyer
    • Total Posts : 21486
    • Reward points : 0
    • Joined: 2009/10/27 19:00:58
    • Location: United States
    • Status: offline
    • Ribbons : 72
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:02:40 (permalink)
    Grey_Beard
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.


    If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. A cold storage wallet, you're pretty much golden.
     
    Leaving your digital assets on a website is not a smart move.
    post edited by kram36 - 2021/12/03 13:07:19
    #9
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 20089
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 250
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:36:31 (permalink)
    Grey_Beard
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.

    When you give it to someone else, it can be stolen. If you keep it, to yourself, it is impossible to steal. It gets stolen when a service you use to buy, sell, or transfer it doesn't safely guard the keys they use, an inside job happens, or when someone tricks you into transferring it to the wrong person. Every one of these thefts fall under one or more of those categories. It is impossible to steal in the conventional sense.
    #10
    castrator86
    SSC Member
    • Total Posts : 829
    • Reward points : 0
    • Joined: 2010/07/24 09:33:21
    • Status: offline
    • Ribbons : 2
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:37:44 (permalink)
    kram36
    Grey_Beard
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.


    If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. A cold storage wallet, you're pretty much golden.
     
    Leaving your digital assets on a website is not a smart move.



    Bingo. Unless you store it on a USB key back in 2009 while at college and then lose it... It pains me to look at BC prices knowing I had a 3 or 4 on a USB drive that got dropped/lost/thrown out.



    #11
    Hoggle
    EVGA Forum Moderator
    • Total Posts : 8765
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 14:28:28 (permalink)
    Miguell
    nomoss
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.


     
    you and me  both
    unfortunately people want easy money,. its and old human desire !
     
    crypto provides just that and it wont die .. as a matter of fact  i believe most of the people who lost big chucks of their savings... will enter the crypto market again... as soon as they can..
     
    already saw a documentary about this.. and they admit that despite losing they would try again because....  its easy money!
     
    greed will beat the will to have a 9 to 5 job for 40 years any day...
     
     




    I agree that it's greed that will beat having a regular job but I also feel crypto probably has a lot of backing by illegal organized criminal activity and that backing could help keep the prices up instead of dropping as it's easy to transfer crypto compared to cash across borders.

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
     
     
    #12
    Nereus
    Captain Goodvibes
    • Total Posts : 17959
    • Reward points : 0
    • Joined: 2009/04/09 20:05:53
    • Location: Brooklyn, NYC.
    • Status: offline
    • Ribbons : 58
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 11:15:22 (permalink)
     
    Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
     

    ASSOCIATE CODE CSKKXUT5Q9GVAFR FOR UP TO 10% DISCOUNT ON EVGA.COM PURCHASES! [DETAILS]

      BUILD 1 2   |   MINI-ITX BUILD   |   MODSRIGS $1K WIN   |   HEATWARE

    #13
    Miguell
    FTW Member
    • Total Posts : 1075
    • Reward points : 0
    • Joined: 2008/04/16 14:43:51
    • Location: Portugal
    • Status: offline
    • Ribbons : 0
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 12:48:44 (permalink)
    Nereus
     
    Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
     




    you maybe right.. it  SHOULD be recognized... at least BC should because its the oldest one!
     
    but who is gonna recognize it and most important WHO is gonna regulate all this digital cash flow around the world??
    we are talking tons and tons of money ( zeros and ones) flowing everyday between servers and countries!
     
    crypto has no country and knows no borders!  i'm not sure how this would be regulated...
     
     

    Case: Cooler Master Stacker 830
    Display: 32" AOC Q3279VWFD8 @2560x1440@75Hz
    Cpu: Intel Core i7-8700  [[ QuickCPU @maxPerf ]]
    Cpu Cooler: Cooler Master - MasterLiquid ML120L - RGB
    Mobo: Asus ROG Strix Z390-H Gaming
    Vga: GeForce GTX 1080 Ti  - [[ O'ced >> Gpu @2Ghz+ // Mem @6Ghz ]]
    Ram: 32GB DDR4  G.SKILL - RIPJAWS V @3200Mhz
    Sound: Hama uRage soundZbar 2.1 Unleashed  - (Optical)
    Storage: 500GB SSD M.2 A2000  NVMe  Kingston (OS) + 8TB (4+4) HDD X300 Toshiba (Data)
    Psu: SeaSonic M12 700W
    Os: W10 Pro 64Bit
    #14
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 20089
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 250
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 19:13:11 (permalink)
    Miguell
    crypto has no country and knows no borders!  i'm not sure how this would be regulated...

    It's regulated in the United States. It is probably regulated in many other countries too. In the United States at least, it's more a matter of enforcement and choosing to follow regulation. KYC laws, AML laws, tax laws, and the patriot act pretty well have cryptocurrency fully regulated in the United States.
    #15
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2212
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 9
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 13:59:13 (permalink)
    Seems they have resorted to begging. I guess it’s secure if you include successful begging. The crypto-calamity continues.

    “Now, the blockchain "bridge" protocol BadgerDAO is pleading with the hacker to return the stolen funds.”

    https://www.vice.com/en/a...turn-dollar119-million
    post edited by Grey_Beard - 2021/12/06 14:25:20



    #16
    Nereus
    Captain Goodvibes
    • Total Posts : 17959
    • Reward points : 0
    • Joined: 2009/04/09 20:05:53
    • Location: Brooklyn, NYC.
    • Status: offline
    • Ribbons : 58
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 14:13:45 (permalink)
     
    Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
     

    ASSOCIATE CODE CSKKXUT5Q9GVAFR FOR UP TO 10% DISCOUNT ON EVGA.COM PURCHASES! [DETAILS]

      BUILD 1 2   |   MINI-ITX BUILD   |   MODSRIGS $1K WIN   |   HEATWARE

    #17
    Flint 1760
    Omnipotent Enthusiast
    • Total Posts : 8306
    • Reward points : 0
    • Joined: 2009/04/26 15:44:26
    • Status: offline
    • Ribbons : 42
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 15:26:12 (permalink)
    If they have resorted to begging, then you know they have some real problems.  Might work better to offer a "finders fee" and a six figure salary job as was done a couple of months ago after a theft.


    #18
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 20089
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 250
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 20:14:59 (permalink)
    Nereus
     Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
     

    Or keep it in a crypto wallet and not move it around.
    #19
    Jump to:
  • Back to Mobile