{"id":53953,"date":"2021-12-02T11:54:04","date_gmt":"2021-12-02T09:54:04","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=53953"},"modified":"2025-09-03T17:44:32","modified_gmt":"2025-09-03T14:44:32","slug":"badger-dao-defi-protocol-hacked-token-falls-about-20","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/badger-dao-defi-protocol-hacked-token-falls-about-20\/","title":{"rendered":"Badger DAO DeFi protocol hacked; token falls about 20%"},"content":{"rendered":"<p>Users of the Badger DAO DeFi protocol reported unauthorized withdrawals. The estimated damage from the breach could exceed $100 million.<\/p>\n<figure class=\\\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\\\">\n<div class=\\\"wp-block-embed__wrapper\\\">\n<blockquote class=\\\"twitter-tweet\\\" data-width=\\\"500\\\" data-dnt=\\\"true\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Badger has received reports of unauthorized withdrawals of user funds.<\/p>\n<p>As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals.<\/p>\n<p>Our investigation is ongoing and we will release further information as soon as possible.<\/p>\n<p>\u2014 \u20bfadger \ud83e\udda1 (@BadgerDAO) <a href=\\\"https:\/\/twitter.com\/BadgerDAO\/status\/1466263899498377218?ref_src=twsrc%5Etfw\\\">December 2, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\n<\/div>\n<\/figure>\n<p>The project team paused all smart contracts and launched an investigation.<\/p>\n<p>The breach is believed to have resulted from an exploit in the user interface. Some protocol clients noticed requests for approvals to additional addresses for withdrawals.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>&#8220;It seems that some users had approvals set for the exploit address, enabling it to operate their funds in the vaults, which was used,&#8221; wrote on <a href=\\\"https:\/\/discord.com\/invite\/xSPFHHS\\\">Discord<\/a> by one of the community&#8217;s leading members under the handle Tritium.<\/p>\n<\/blockquote>\n<p>He also said that the attack lasted from November 11. Users confirmed that assets were sent to the exploit address more than 10 days earlier.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh5.googleusercontent.com\/drum1hDaaPcqbJ55CDkRsERrwfx7b97xvCTvzbtgePIugKRXlgKJUy8rq3eZcle7egs_BWvYLzahIvnXZXWOR9houVvC45AjRP5QW57OkBTPkNVArwYYsJTWbcanrB_7TIhkRsVO\\\" alt=\\\"\u0412\u0437\u043b\u043e\u043c\u0430\u043b\u0438 DeFi-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b Badger DAO. \u0422\u043e\u043a\u0435\u043d \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043e\u0431\u0432\u0430\u043b\u0438\u043b\u0441\u044f \u043d\u0430 20%\\\"\/><figcaption>\u0414\u0430\u043d\u043d\u044b\u0435: <a href=\\\"https:\/\/etherscan.io\/txs?a=0x3956396472c96e04925b7a416f0996ce5ed30645\\\">Etherscan<\/a>.<\/figcaption><\/figure>\n<p>However, the majority of the funds were withdrawn on December 1.<\/p>\n<p>Initially, the damage was around $10 million. PeckShield&#8217;s analysts compiled their own list of assets stolen by the hacker. Commentators noted that the total exceeds $100 million.<\/p>\n<figure class=\\\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\\\">\n<div class=\\\"wp-block-embed__wrapper\\\">\n<blockquote class=\\\"twitter-tweet\\\" data-width=\\\"500\\\" data-dnt=\\\"true\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Here is the list of funds that were so far transferred out from victims <a href=\\\"https:\/\/twitter.com\/BadgerDAO?ref_src=twsrc%5Etfw\\\">@BadgerDAO<\/a> <a href=\\\"https:\/\/t.co\/P5pOj1YQ2l\\\">pic.twitter.com\/P5pOj1YQ2l<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1466286523729383427?ref_src=twsrc%5Etfw\\\">December 2, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\n<\/div>\n<\/figure>\n<p>PeckShield noted that one of the most affected users lost almost 897 BTC (~$51 million).<\/p>\n<div class=\\\"wp-block-text-wrappers-update article_update\\\"><span class=\\\"gtb_text-wrappers_update_head\\\">Update: <\/span><\/p>\n<p>The firm&#8217;s specialists refined the value of the stolen assets, which, by their calculations, exceeded $120 million.<\/p>\n<figure class=\\\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\\\">\n<div class=\\\"wp-block-embed__wrapper\\\">\n<blockquote class=\\\"twitter-tweet\\\" data-width=\\\"500\\\" data-dnt=\\\"true\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Here is the current whereabouts as well as the total loss: $120.3M (with ~2.1k BTC + 151 ETH)  <a href=\\\"https:\/\/twitter.com\/BadgerDAO?ref_src=twsrc%5Etfw\\\">@BadgerDAO<\/a> <a href=\\\"https:\/\/t.co\/fJ4hJcMWTq\\\">pic.twitter.com\/fJ4hJcMWTq<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1466356911842856967?ref_src=twsrc%5Etfw\\\">December 2, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\n<\/div>\n<\/figure>\n<\/div>\n<p>According to the <a href=\\\"https:\/\/badger.com\/\\\">Badger DAO site<\/a>, the value of funds blocked in the protocol stands at $1.2 billion, and the treasury exceeds $240 million. According to the service <a href=\\\"https:\/\/zapper.fi\/account\/0xb65cef03b9b89f99517643226d76e286ee999e77\\\">Zapper<\/a>, the latter figure does not reach $62 million.<\/p>\n<p>At the time of writing, the governance token BADGER&#8217;s price had fallen from around $28 to about $22.50 \u2014 roughly 20%.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh4.googleusercontent.com\/efvn5MMecrV2FTkULR3QKzVlGto_Ar5RcvdBT6gpBozViBDpGSy7ZZFnx_8lEg3AUwOSd9S8ZJF_cxlvILbRs8zgjIvaA7zYPC2wBUVP7IgN9c0V3Og8doNv--XVOyuVNP-m0CJk\\\" alt=\\\"\u0412\u0437\u043b\u043e\u043c\u0430\u043b\u0438 DeFi-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b Badger DAO. \u0422\u043e\u043a\u0435\u043d \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043e\u0431\u0432\u0430\u043b\u0438\u043b\u0441\u044f \u043d\u0430 20%\\\"\/><figcaption>30-\u043c\u0438\u043d\u0443\u0442\u043d\u044b\u0439 \u0433\u0440\u0430\u0444\u0438\u043a BADGER\/USD \u0431\u0438\u0440\u0436\u0438 FTX. \u0414\u0430\u043d\u043d\u044b\u0435: <a href=\\\"https:\/\/ru.tradingview.com\/symbols\/BADGERUSDT\/\\\">TradingView<\/a>.<\/figcaption><\/figure>\n<p>Earlier, on November 30, a hacker drained MonoX of crypto assets <a href=\"https:\/\/u1f987.com\/en\/news\/defi-platform-monox-loses-31-million-in-hack\">valued at $31 million<\/a>. Commenting on the incident, The Block analyst Igor Igamberdiev wrote that this was becoming &#8216;a little boring&#8217;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users of the Badger DAO DeFi protocol reported unauthorized withdrawals. The estimated damage from the breach could exceed $100 million.<\/p>\n","protected":false},"author":1,"featured_media":53954,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-53953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=53953"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53953\/revisions"}],"predecessor-version":[{"id":53955,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53953\/revisions\/53955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/53954"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=53953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=53953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=53953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}