Hackers steal $120 million from Badger DeFi platform
Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.
Badger has confirmed the hack in a statement published on Twitter earlier today, freezing its platform while staff investigates the breach.
Blockchain analysis firm PeckShield, which was the first to notice the heist, claims the hackers managed to steal more than 2,100 Bitcoin and 151 Ether from Badger user accounts before the company shut down its systems. The sum was estimated at $120.3 million at the time of the heist, the security firm said on Twitter.
PeckShield said that one user alone lost more than 900 Bitcoin, roughly $50.5 million.
Cryptocurrency news outlets like Coinspeaker, CryptoBriefing, and CryptoSlate cited several users from Badger's Discord channel who claimed that the attacker exploited a vulnerability in the platform's user interface to gain access to user accounts and exfiltrate funds.
Badger, which has not returned requests for comment so far to The Record or any other news outlet, has not confirmed these theories.
Typically, attacks on cryptocurrency platforms usually involve gaining access to an employee account or exploiting bugs in the platform's trading protocols rather than the platform's user interface.
So far, the Badger incident currently ranks as the third-largest heist of a cryptocurrency platform this year, behind PolyNetwork and Cream Finance.
- PolyNetwork – $600 million
- Cream Finance – $130 million (October)
- Badger - $120 million
- Liquid – $94 million
- EasyFi – $81 million
- bZx - $55 million
- Uranium Finance – $50 million
- Cream Finance – $37 million (February)
- Alpha Homora – $37 million
- Vee Finance – $35 million
- Meerkat Finance – $31 million
- Spartan – $30 million
- Cream Finance – $29 million (August)
- pNetwork – $12 million
- Rari Capital – $11 million
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.