DeFi Platform BadgerDAO Says Cloudflare Flaw Led to $130 Million Heist Bitcoin, Ethereum | Tech News

Cryptocurrencies theft: DeFi platform BadgerDAO blames Cloudflare flaw for $130 mn loss

BadgerDAO said a flaw in the account creation process of the software company Cloudflare led to the theft of $130 mn in cryptocurrencies.

| Updated on: Aug 21 2022, 22:32 IST
Defi BadgerDAO revealed that the flaw in Cloudflare led to theft $130 million in cryptocurrency. (HT_PRINT)

Decentralized finance platform BadgerDAO said a flaw in the account creation process of the software company Cloudflare Inc. led to the theft of $130 million in cryptocurrencies earlier this month. BadgerDAO detailed how the hack took place in a blog post on Thursday, saying a phishing attack that occurred on Dec. 2 was a result of “maliciously injected snippet provided” by Cloudflare Workers, a serverless application platform that runs on its cloud network. The post, which was prepared by BadgerDAO and cybersecurity firm Mandiant Corp., said the Cloudflare flaw had been since been remediated.

BadgerDAO hired Mandiant and blockchain forensic analysis firm Chainalysis Inc. to investigate the breach, according to the blog post. Asked about the claims, Cloudflare said in a statement that its systems “were not compromised” and that “this has not impacted any other customers.”

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

“Last week, we were made aware that BadgerDAO experienced an incident,” according to Cloudflare. “We have been in touch with the organization and have provided active support to their investigation.” Cloudflare said there is no vulnerability in its Cloudflare Workers product.

Also read
Looking for a smartphone? To check mobile finder click here.

BadgerDAO said more than $9 million in stolen funds are recoverable, as they were transferred by the attacker but not yet withdrawn from the company's vaults, according to the blog post. The hacker's identity isn't publicly known.

BadgerDAO didn't respond to a request for comment. Mandiant and Chainalysis also declined to comment, citing an ongoing investigation. In a tweet, Chainalysis said the hackers converted the stolen cryptocurrencies to Bitcoin.

In its blog postings, BadgerDAO said it is considering how it may repay the stolen funds, and that the breach has been reported to law enforcement in the U.S. and Canada.

The theft is just the latest in a string of hacks on decentralized finance platforms, which have resulted in hundreds of millions of dollars of losses this year. The theft is the fifth largest decentralized finance hack in terms of losses, according to Rekt News, which maintains a “leaderboard” of compromised organizations

“By the end of July 2021, major crypto thefts, hacks and frauds totaled $681 million,” according to an August report published by blockchain forensics company CipherTrace Inc. DeFi crimes continue to grow, and in the second quarter of this year, criminals netted “new highs in DeFi-related proceeds,” according to the report.

In its blog post describing the hack, BadgerDAO provided screen shots of its internal logs, revealing how a hacker allegedly leveraged a flaw in Cloudflare's product to inject malicious code into the BadgerDAO application. The blog is unusually detailed, as most organizations that suffer hacks reveal little information.

“Badger appreciates our community's patience while we figure out how to balance our commitment to transparency with the fact that this is still an ongoing investigation with rapidly changing information,” the blog post said.

Though BadgerDAO says the attack occurred on Dec. 2, “the actual compromise may actually date back to Nov. 20,” according to an analysis by TRM Labs, which helps financial institutions and governments fight cryptocurrency fraud, money laundering and financial crime. The hacker intercepted several large customer transactions, with one of them netting more than 900 wrapped Bitcoin -- an Ethereum token representing Bitcoin -- or roughly $50 million, TRM said. In total, the hacker appears to have stolen more than 2,000 Bitcoin equivalent and 151 Ethers, the blockchain forensics firm said.

“As the various forms of wrapped Bitcoin were diverted to the hacker's address, they were converted in real-time to renBTC, a tokenized version of Bitcoin on the Ethereum blockchain, then swapped to the Bitcoin blockchain,” TRM said in a recent blog.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 11 Dec, 18:51 IST