rjohnson11
EVGA Forum Moderator
- Total Posts : 102028
- Reward points : 0
- Joined: 2004/10/05 12:44:35
- Location: Netherlands
- Status: offline
- Ribbons : 84
https://www.techpowerup.com/289569/badgerdao-sees-usd-120-million-crypto-heist-via-cloudflare-hack
BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web3 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.
As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own." According to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions.
The poor security will probably open the door to lawsuits in my personal opinion.
|
Hoggle
EVGA Forum Moderator
- Total Posts : 10084
- Reward points : 0
- Joined: 2003/10/13 22:10:45
- Location: Eugene, OR
- Status: offline
- Ribbons : 4
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 03:03:54
rjohnson11 https://www.techpowerup.com/289569/badgerdao-sees-usd-120-million-crypto-heist-via-cloudflare-hack BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web3 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.
As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own." According to BadgerDAO, the attacker managed to access the Cloudflare API used by the company without triggering the two-factor authentication protection that should have been enabled. Of course, two-factor (or multi-factor) authentication can and has been subverted before; there have been multiple instances of phishing attempts that manage to cross the bridge over to 2FA keys, and there are even toolkits available that automate the entire process. While it's still one of the most cost-effective ways to increase security access whenever credentials are involved, like every security measure, it requires attentive user interactions. The poor security will probably open the door to lawsuits in my personal opinion.
I would wonder if lawsuits would really work since I don't think the United States or Canada is really ready to say bitcoin has value until it's sold for cash. The fact that most countries treat bitcoin as a digital item the same as say buying an item in a game means it's hard to see the case really awarding the value of the bitcoin. The same problem happens with collectibles in which someone could have a rare comic that goes for $700 but it can be considered only worth the original face value legally until it's been appraised.
|
Flint 1760
Omnipotent Enthusiast
- Total Posts : 8295
- Reward points : 0
- Joined: 2009/04/26 15:44:26
- Status: offline
- Ribbons : 45
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 04:19:45
Cryptocurrency is just becoming another target and we will see increasing incidents. This, and the other thefts, should be a huge warning call to any firm in the business. Somehow I don't think this one will end up with the miscreants getting job offers.
post edited by Flint 1760 - 2021/12/03 04:35:23
|
Grey_Beard
CLASSIFIED Member
- Total Posts : 2231
- Reward points : 0
- Joined: 2013/12/23 11:50:37
- Location: The Land of Milk and Honey
- Status: offline
- Ribbons : 10
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 04:26:59
Another reason to stay away from cryptocurrency. Amazing that this keeps happening. But hey, you can track this stuff. LLLLOOOOOLLLLLLL! This stuff is made for criminals and no matter what anyone says, it is not secure nor is it traceable. It is definitely every criminal’s currency for sure.
post edited by Grey_Beard - 2021/12/03 12:00:04
|
ty_ger07
Insert Custom Title Here
- Total Posts : 21159
- Reward points : 0
- Joined: 2008/04/10 23:48:15
- Location: traveler
- Status: offline
- Ribbons : 270
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 08:48:28
It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium My EVGA Score: 1546 • Zero Associates Points • I don't shill
|
nomoss
FTW Member
- Total Posts : 1559
- Reward points : 0
- Joined: 2009/04/04 19:45:27
- Status: offline
- Ribbons : 7
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 08:56:57
All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.
|
Miguell
FTW Member
- Total Posts : 1112
- Reward points : 0
- Joined: 2008/04/16 14:43:51
- Location: Portugal
- Status: offline
- Ribbons : 0
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 09:24:30
nomoss All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.
You and me both. Unfortunately people want easy money. It's an old human desire! Crypto provides just that and it won't die... As a matter of fact I believe most of the people who lost big chunks of their savings will enter the crypto market again as soon as they can. Already saw a documentary about this, and they admit that despite losing they would try again because it's easy money! Greed will beat the will to have a 9 to 5 job for 40 years any day...
post edited by Miguell - 2021/12/03 14:40:53
Case: Cooler Master Stacker 830Display: 32" AOC Q3279VWFD8 @2560x1440@75HzCpu: Intel Core i7-8700Cpu Cooler: Cooler Master - MasterLiquid ML120L - RGBMobo: Asus ROG Strix Z390-H GamingVga: Asus Dual RTX 4060 Ti 16GB Advanced EditionRam: 32GB DDR4 G.SKILL - RIPJAWS V @3200MhzSound: Hama uRage soundZbar 2.1 Unleashed - (Optical)Storage: 500GB SSD M.2 A2000 NVMe Kingston (OS) + 8TB (4+4) HDD X300 Toshiba (Data)Psu: SeaSonic M12 700W Os: W10 Pro 64Bit
|
Grey_Beard
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 12:01:42
ty_ger07 It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
Eventually you will realize the money is in the theft not stopping it. You mention this is impossible to steal while posting in a thread about it getting stolen. Hmmm.
|
kram36
The Destroyer
- Total Posts : 21477
- Reward points : 0
- Joined: 2009/10/27 19:00:58
- Location: United States
- Status: offline
- Ribbons : 72
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 13:02:40
Grey_Beard
ty_ger07 It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
Eventually you will realize the money is in the theft not stopping it. You mention this is impossible to steal while posting in a thread about it getting stolen. Hmmm.
If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. A cold storage wallet, you're pretty much golden. Leaving your digital assets on a website is not a smart move.
post edited by kram36 - 2021/12/03 13:07:19
|
ty_ger07
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 13:36:31
Grey_Beard
ty_ger07 It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
Eventually you will realize the money is in the theft not stopping it. You mention this is impossible to steal while posting in a thread about it getting stolen. Hmmm.
When you give it to someone else, it can be stolen. If you keep it to yourself, it is impossible to steal. It gets stolen when a service you use to buy, sell, or transfer it doesn't safely guard the keys they use, an inside job happens, or when someone tricks you into transferring it to the wrong person. Every one of these thefts falls under one or more of those categories. It is impossible to steal in the conventional sense.
|
castrator86
SSC Member
- Total Posts : 816
- Reward points : 0
- Joined: 2010/07/24 09:33:21
- Status: offline
- Ribbons : 2
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 13:37:44
kram36
Grey_Beard
ty_ger07 It's funny how websites continue to cause cryptocurrency to be stolen when it is otherwise impossible to steal. When will this end? There should be money in it for someone who finds a solution.
Eventually you will realize the money is in the theft not stopping it. You mention this is impossible to steal while posting in a thread about it getting stolen. Hmmm.
If you keep your digital assets in your own reputable private wallet and don't store the passkey where someone can find it on your pc, it's pretty much impossible to steal. A cold storage wallet, you're pretty much golden. Leaving your digital assets on a website is not a smart move.
Bingo. Unless you store it on a USB key back in 2009 while at college and then lose it... It pains me to look at BC prices knowing I had a 3 or 4 on a USB drive that got dropped/lost/thrown out.
|
Hoggle
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/03 14:28:28
Miguell
nomoss All the tears I shed for people losing their environment destroying "currency" could fit on the head of a pin.
You and me both. Unfortunately people want easy money. It's an old human desire! Crypto provides just that and it won't die... As a matter of fact I believe most of the people who lost big chunks of their savings will enter the crypto market again as soon as they can. Already saw a documentary about this, and they admit that despite losing they would try again because it's easy money! Greed will beat the will to have a 9 to 5 job for 40 years any day...
I agree that it's greed that will beat having a regular job but I also feel crypto probably has a lot of backing by illegal organized criminal activity and that backing could help keep the prices up instead of dropping as it's easy to transfer crypto compared to cash across borders.
|
Nereus
Captain Goodvibes
- Total Posts : 18875
- Reward points : 0
- Joined: 2009/04/09 20:05:53
- Location: Brooklyn, NYC.
- Status: offline
- Ribbons : 58
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/05 11:15:22
Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
|
Miguell
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/05 12:48:44
Nereus Soon as Bitcoin and other cryptocurrencies are recognized as official legal tender (like El Salvador has), then this effectively becomes a very large bank heist. People who hack into and rob banks get serious jail time. The same should apply for crypto. Until then, it's basically a digital California - take whatever you want, nobody is going to do anything about it other than maybe give a light smack on the hand for being naughty, and for the victims.. cry me a river.
You may be right. It SHOULD be recognized, at least BC should because it's the oldest one! But who is gonna recognize it, and most important, WHO is gonna regulate all this digital cash flow around the world?? We are talking tons and tons of money (zeros and ones) flowing every day between servers and countries! Crypto has no country and knows no borders! I'm not sure how this would be regulated...
|
ty_ger07
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/05 19:13:11
Miguell Crypto has no country and knows no borders! I'm not sure how this would be regulated...
It's regulated in the United States. It is probably regulated in many other countries too. In the United States at least, it's more a matter of enforcement and choosing to follow regulation. KYC laws, AML laws, tax laws, and the Patriot Act pretty well have cryptocurrency fully regulated in the United States.
|
Grey_Beard
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/06 13:59:13
Seems they have resorted to begging. I guess it’s secure if you include successful begging. The crypto-calamity continues. “Now, the blockchain "bridge" protocol BadgerDAO is pleading with the hacker to return the stolen funds.” https://www.vice.com/en/a...turn-dollar119-million
post edited by Grey_Beard - 2021/12/06 14:25:20
|
Nereus
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/06 14:13:45
Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
|
Flint 1760
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/06 15:26:12
If they have resorted to begging, then you know they have some real problems. Might work better to offer a "finders fee" and a six figure salary job as was done a couple of months ago after a theft.
|
ty_ger07
Re: BadgerDAO Sees $120 Million Crypto Heist via Cloudflare Hack
2021/12/06 20:14:59
Nereus Wow.. $120m stolen from BadgerDAO, then $150m from BitMart.. Seems safer to just stuff your mattress with cash.
Or keep it in a crypto wallet and not move it around.
|