$120 million stolen from DeFi exchange

While the investigation was still ongoing, members of Badger informed users that the problem came from hackers inserting a malicious script into the user interface of their website. For any user interacting with the website while the script was active, the script intercepted Web3 transactions and inserted a request to transfer the victim's tokens to the attacker's chosen address.


Meanwhile, PeckShield pointed to a transfer of 896 Bitcoins to the attacker's wallet worth more than $50 million. According to the research team, the malicious code appeared as early as November 10, when attackers ran malicious scripts at random times to avoid detection.

Decentralized finance (DeFi) systems rely on blockchain technology to allow cryptocurrency holders to perform more typical financial operations such as earning interest through lending. BadgerDAO promises users that they can 'have peace of mind knowing you never have to give up your crypto private keys, you can withdraw anytime you want, and our strategists are working around the clock to get your property up and running'. Its protocol allows Bitcoin holders to "bridge" their cryptocurrency with the Ethereum platform through tokens and take advantage of DeFi opportunities.

After learning of the unauthorized transfers, Badger halted all smart contracts, essentially freezing the platform and advising users to reject all transactions to the attacker's address.
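The injected transfer request described above, and the advice to reject transactions to the attacker's address, both come down to checking who benefits from a token call before it is signed. The following is an added example, not code from Badger or PeckShield: it decodes standard ERC-20 calldata and blocks transfers or approvals whose beneficiary is not on an expected list. It assumes the token calls are standard ERC-20; the function names and all addresses are constructed for illustration.

```javascript
// Standard ERC-20 function selectors (first 4 bytes of calldata).
// beneficiaryArg is the index of the argument that receives tokens or spending rights.
const ERC20_SELECTORS = {
  "a9059cbb": { name: "transfer", beneficiaryArg: 0 },     // transfer(address,uint256)
  "095ea7b3": { name: "approve", beneficiaryArg: 0 },      // approve(address,uint256)
  "23b872dd": { name: "transferFrom", beneficiaryArg: 1 }, // transferFrom(address,address,uint256)
};

// An ABI-encoded address is a 32-byte word: 12 zero bytes, then the 20-byte address.
function readAddressArg(argsHex, index) {
  const word = argsHex.slice(index * 64, index * 64 + 64);
  if (!/^0{24}[0-9a-f]{40}$/.test(word)) return null;
  return "0x" + word.slice(24);
}

// Returns a verdict for one pending transaction object ({ to, data }).
function inspectTransaction(tx, allowedBeneficiaries) {
  const data = (tx.data || "0x").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data)) return { verdict: "block", reason: "calldata is not hex" };
  const spec = ERC20_SELECTORS[data.slice(0, 8)];
  if (!spec) return { verdict: "unknown", reason: "not an ERC-20 transfer or approval" };
  const beneficiary = readAddressArg(data.slice(8), spec.beneficiaryArg);
  if (beneficiary === null) {
    return { verdict: "block", reason: `malformed ${spec.name} calldata` };
  }
  const allowed = new Set(allowedBeneficiaries.map((a) => a.toLowerCase()));
  if (!allowed.has(beneficiary)) {
    return { verdict: "block", reason: `${spec.name} benefits unlisted address`, beneficiary };
  }
  return { verdict: "allow", reason: `${spec.name} to listed address`, beneficiary };
}

// Constructed sample data: placeholder addresses, not values from the incident.
const VAULT = "0x" + "11".repeat(20);   // contract the user intends to interact with
const UNKNOWN = "0x" + "22".repeat(20); // address the user never chose
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const approveTo = (addr) => "0x095ea7b3" + pad(addr) + "f".repeat(64); // unlimited allowance

console.log(inspectTransaction({ data: approveTo(VAULT) }, [VAULT]));
console.log(inspectTransaction({ data: approveTo(UNKNOWN) }, [VAULT]));
```

A check like this has to run somewhere the compromised page cannot modify it, such as the wallet or a browser extension, because a script injected into the front end could disable a check that lives in the same page.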

The company said it had retained Chainalysis data forensics experts to uncover the full scale of the incident and that authorities in both the US and Canada have been notified. Badger is fully cooperating with external investigations as well as conducting its own investigations.

One line of inquiry for Badger is how an attacker appears to have accessed Cloudflare through an API key that should have been protected with multi-factor authentication (MFA). While the attack did not reveal specific vulnerabilities in the blockchain technology itself, it exploited the older 'web 2.0' technology that most users rely on to make transactions.

Multi-factor authentication protects accounts against multiple phishing schemes or mass credential stuffing attacks. However, experts repeatedly warn of targeted phishing attacks that can bypass it, while toolkits to automate the process have been available for many years.
