Crypto tokens are now one of the main assets used for saving or investing. But alarms are raised when millions keep “vanishing” out of people’s wallets.
This week, it was BadgerDAO and BitMart’s turn.
Let’s see what happened.
$119 Million Out of BadgerDAO DeFi Project
BadgerDAO (a decentralized autonomous organization) reported through Twitter that an unknown hacker or group of hackers stole $119 million in cryptocurrency (2,100 BTC = $118,500,000 and 151 ETH = $679,000) from the blockchain-based DeFi platform.
Badger has received reports of unauthorized withdrawals of user funds.
As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.
Our investigation is ongoing and we will release further information as soon as possible.
— ₿adgerDAO 🦡 (@BadgerDAO) December 2, 2021
The hackers didn’t use smart contract exploits. Instead, they targeted BadgerDAO’s web infrastructure (its Cloudflare account, content delivery network) with a front-end attack.
A malicious script tricked people into granting the attackers’ address the right to send their tokens.
Users received shady permission requests when using their MetaMask wallets, and BadgerDAO paused all smart contracts soon after users noticed their wallets being emptied.
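A defender's view of the permission requests described above, as an added example that is not code from BadgerDAO or from this article: it decodes the calldata of a token allowance request and flags an unknown spender or an unlimited amount before the user signs. It assumes the requests were standard ERC-20 `approve` or `increaseAllowance` calls (the page does not say which call the injected script used); the addresses, allowlist and function names are constructed for illustration.

```javascript
// ERC-20 calls that hand another address the right to move the signer's tokens.
const ALLOWANCE_SELECTORS = new Map([
  ["095ea7b3", "approve"],           // approve(address,uint256)
  ["39509351", "increaseAllowance"], // increaseAllowance(address,uint256)
]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns { method, spender, amount } or null if the calldata is not an allowance call.
function decodeAllowanceCall(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  // 4-byte selector plus two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) return null;
  const method = ALLOWANCE_SELECTORS.get(hex.slice(0, 8));
  if (!method) return null;
  const spenderWord = hex.slice(8, 72);
  // An address is right-aligned in its word; the upper 12 bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) return null;
  return {
    method,
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72)),
  };
}

// Decide whether a pending transaction request should reach the signing prompt.
function reviewRequest(tx, trustedSpenders) {
  const call = decodeAllowanceCall(tx.data || "");
  if (!call) return { verdict: "not-an-allowance-call", reasons: [] };
  const reasons = [];
  if (!trustedSpenders.has(call.spender)) reasons.push("spender not on allowlist");
  if (call.amount === MAX_UINT256) reasons.push("unlimited allowance");
  return { verdict: reasons.length ? "block" : "allow", call, reasons };
}

// Constructed sample data: neither address belongs to a real contract.
const UNKNOWN = "1".repeat(40);
const VAULT = "2".repeat(40);
const TRUSTED = new Set(["0x" + VAULT]);
const word = (h) => h.padStart(64, "0");
const suspicious = { data: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64) };
const routine = { data: "0x095ea7b3" + word(VAULT) + word("3e8") };

console.log(reviewRequest(suspicious, TRUSTED).reasons);
console.log(reviewRequest(routine, TRUSTED).verdict);
```

The same check can run in a wallet-side review step or in monitoring that watches which spender addresses a front end asks users to approve.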
It seems like Web3 still depends on Web1 cybersecurity. Understandably, many users complained right afterwards, and both BadgerDAO’s admins and developers jumped to do damage control in the official Discord channel.
They say not all missing funds are gone forever and also tease the possibility of “returns well above 75 percent APY.”
More formal communication about the incident will be made in the following weeks once they’ve gathered enough information. For now, we can only pause and think about the billions of dollars lost in DeFi platforms such as PolyNetwork, Cream Finance, Liquid, and bZx to scams and hacks. This seems to also be the case for BitMart’s recent attack.
$150 Million Stolen From BitMart Crypto-Exchange
Crypto trading platform BitMart disclosed a “large-scale security breach” and the theft of more than $150 million in various tokens as a consequence of a stolen private key.
The breach impacted hot wallets on both the Binance Smart Chain (BSC) and the Ethereum (ETH) blockchain. These only carried a “small percentage” of the assets, the company said.
For that reason, BitMart temporarily suspended withdrawals and added security reviews before operations resumed days later.
We do not know exactly how much money was stolen, whether it came from customers’ wallets or BitMart’s own central pot, or whether the company will repay users.
But the first security company to raise its voice about the attack (PeckShield) estimated the total loss at $200 million, calling it “pretty straightforward: transfer-out, swap, and wash.”
As you can see, past hacks against cryptocurrency-focused businesses often share similar outcomes. Sometimes users are fully or partially refunded; in other cases, the company declares bankruptcy, or the hacker or hackers return the money themselves.
Whether your company is or isn’t related to crypto or DeFi, you can still face attacks of this magnitude. If that happens to companies well-equipped in cybersecurity, then what could happen to small, medium, or big-sized businesses like yours?
We can answer that and many other questions for you here.