Hackers steal $120 million from Badger DeFi platform

Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.

Badger has confirmed the hack in a statement published on Twitter earlier today, freezing its platform while staff investigates the breach.

Blockchain analysis firm PeckShield, which was the first to notice the heist, claims the hackers managed to steal more than 2,100 Bitcoin and 151 Ether from Badger user accounts before the company shut down its systems. The sum was estimated at $120.3 million at the time of the heist, the security firm said on Twitter.

PeckShield said that one user alone lost more than 900 Bitcoin, roughly $50.5 million.

Cryptocurrency news outlets like Coinspeaker, CryptoBriefing, and CryptoSlate cited several users from Badger’s Discord channel who claimed that the attacker exploited a vulnerability in the platform’s user interface to gain access to user accounts and exfiltrate funds.

Badger, which has so far not responded to requests for comment from The Record or any other news outlet, has not confirmed these theories.

Attacks on cryptocurrency platforms typically involve gaining access to an employee account or exploiting bugs in the platform’s trading protocols rather than the platform’s user interface.

So far, the Badger incident ranks as the third-largest heist of a cryptocurrency platform this year, behind PolyNetwork and Cream Finance.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
