Another DeFi Thief: Hackers Steal $ 120 Million In Cryptocurrency

Techsoho view 53216 2022-1-2 14:40
share to
Scan QR code with WeChat

According to The Verge, hackers hacked into the decentralized financial platform BadgerDAO on Wednesday evening, withdrawing money from various cryptocurrency wallets. According to blockchain security and data analytics Pexshield, which is working with Badger to investigate the theft, several tokens were stolen in this attack worth up to $ 120 million (around $ 100 billion in earnings). ).

While an investigation is ongoing, a member of the Badger group told users they believed the issue was caused by someone posting malicious content on the site's user interface. For each user associated with the site during the execution of the script, it triggered a Web3 change and clicked on the request to send the victim token to the address of the selected attacker.

The transparency of the exchange lets you know what happened after the hack. PeckShield notes that sending 896 bitcoins to a thief's wallet was worth more than $ 50 million. According to the group, the malware appeared as early as November 10, but if Badger knew about the illegal exchange, it would stop all smart contracts, freeze the platform for life, and ask users to reject any changes. Attackers execute at seemingly random intervals and therefore go undetected.

On Thursday evening, the company said it was involved in outside research and hired forensic data expert Chainalysis to investigate the case. Badger is currently investigating whether an attacker gained access to Cloudflare through an application intercepting a key that needed to be protected by two keys. Proof.

While the strike did not expose vulnerabilities in blockchain technology itself, it did achieve the “web2.0” technology required by most users. Bulk schema or credential write protest.

However, experts have repeatedly warned that phishing schemes can bypass it, and tools that use this process have been around for years. The 2019 FBI Report states that terrorists capable of breaking through the MFA have developed and accepted any changes or training that could make these attacks more difficult.

Even in traditional financial applications, obtaining double standard insurance can be difficult. Just call PayPal. Still, a situation like this, or the $ 600 million theft from the Poly Network in August, or the $ 53 million theft that hit the first DAO in 2016, should be enough to expand security knowledge for people. process and cryptography. . .

A Badgers Discord commentator said, “In every blockchain / smart surveillance deal around the world, an unreliable team has lost 120 million people to Cloudflare API leaks. Zhong adopted the new deal for his contract and we still have a long way to go, ”he said. . “I think we will discuss the cuts in the future,” the group member said.

It is not yet clear what funds will be recovered and how the affected funds will be damaged. Although run by a group that Badger himself calls "DeFi's most secure group," one in the world of crypto, blockchain, and Web3 applications when it comes to finally understanding how authorization, signing, and marketing happen. . Yes. Work and watch out for them.

btcfans公众号

Scan QR code with WeChat

Link
Disclaimer:

Previous: The Most Powerful Guide for DeFi 2.0 Newbies: How to Get Your First Gold Point in Liquid Mining? Next: Can the StarkWare outlook of L3 and L4 beyond L2 be true?

Related