$BADGER/USDT has fallen from $27.22 to as low as $21.97 on December 02, which is a loss of -19.28%.
According to initial reports BadgerDAO reportedly lost $10 million as a result of a cyberattack. However, Etherescan transactions indicate that one of the affected users lost around 897 WBTC ($51m), indicating that the hack is much more serious than initially thought.
In community channels, there is a current speculation that the hack was caused by a flaw in the Badger.com user interface, and not in the core protocol contracts. Several users report receiving spurious permission requests from their wallet providers while claiming yield farming rewards and interacting with Badger vaults. The first reports of problems appeared on the protocol’s Discord server at 9 pm ET Wednesday night.
In the meantime, Badger has paused all smart contracts to “prevent further withdrawals.” However, Badger has not provided more details on the precise amount taken or which parts of its operations were affected.
According to Etherescan transactions, the hacker has also taken over USD 62m worth of vaulted and synthetic crypto assets from the wallets of users, including WBTC 1,085, 136,000 cvxCRV (Convex CRV), and 64,000 veCVX. Badger has confirmed the hack, saying that they have “received reports of unauthorized withdrawals” of user funds, and that smart contracts have been paused to prevent withdrawals.
In a Discord conversation, Badger core contributor Tritium suggested that some users might have authorized the address to operate on their vault funds. The exploit appears to have been carried out on users who had allowed an exploit address to access their vault funds, Tritium said and added,
“As soon as we noticed it, we froze all vaults. Now we’re trying to figure out where the approvals came from, how many people have them, and what the next steps are,”
The Badger Team is still assessing how much money was lost in this breach and from where it originated.
