$116 300 000 USD

DECEMBER 2021

GLOBAL

BADGERDAO

DESCRIPTION OF EVENTS

"Earn Interest on Your Bitcoin. BadgerDAO makes it easy to bring your Bitcoin to DeFi and start earning yield today." "BadgerDAO is building the infrastructure to bring Bitcoin to DeFi. We make it easy to bridge your Bitcoin into other blockchains and start earning yield right away."

 

"BadgerDAO is a decentralized autonomous organization (DAO) run by our users – not VCs, whales, or institutions." "DeFi innovation has paved the way for a number of protocols, including Badger, to offer significant returns. Badger has one of the most security minded teams in DeFi and has pioneered several practices to minimize risk."

 

"Badger Sett is a yield aggregator product that leverages automated strategies to generate yield for user deposits of various underlying assets. They are non-custodial, transparent, and users can withdraw their assets at any time. The bulk of existing Setts are based on the Yearn Vaults V1 architecture, expanding it with new strategies, a new fee structure, and modifications to the governance of the system."

 

"BadgerDAO’s smart contracts are regularly audited by top security firms to discover and fix vulnerabilities before launch. Audit reports are linked below. Please note that audit reports cover specific portions of the BadgerDAO codebase and are done at a snapshot in time. Our code is frequently updated, which could introduce new vulnerabilities."

 

"In late September, users on a Cloudflare community support forum reported that unauthorized users were able to create accounts and were also able to create and view (Global) API keys (which cannot be deleted or deactivated) before email verification was completed (see Cloudflare Forum Post). It was noted that an attacker could then wait for the email to be verified, and for the account creation to be completed, and they would then have API access."

 

"In mid-September, Badger unknowingly completed the account creation for one of these three compromised accounts, which were used for legitimate Cloudflare management activities. The UI did not make it obvious that the account had already been created and an API key was accordingly generated."

 

"On November 10, the attacker began using their API access to inject malicious scripts via Cloudflare Workers into the html of app.badger.com. The script intercepted web3 transactions and prompted users to allow a foreign address approval to operate on ERC-20 tokens in their wallet. On November 20, the first on-chain malicious approval was made for the exploiter wallet."

 

"The attacker used several anti-detection techniques in their attack. They applied and removed the script periodically over the month of November, often for very short periods of time. The attacker also only targeted wallets over a certain balance, and explicitly avoided targeting listed signers of the Dev Multisig. Finally, the attacker accessed the API from multiple proxy and VPN IP addresses and changed the script on each deployment so they each had a unique hash, rendering static indicators of limited value."

 

"[L]ast week, Celsius Network CEO Alex Masinsky said the crypto lending platform lost $120 million due to the hacking of its decentralized financial platform Badger DAO."

 

"On Dec 2 2021, a series of unauthorized transactions occurred, resulting in the loss of funds from Badger users. Following the exploit, Badger engineers worked with cybersecurity firm Mandiant to investigate the incident and have prepared the following initial report." "The Badger community raised an alert via Discord about a large, suspicious transaction on December 2." "The attack was noticed by a Community member when approximately 900 BTC were removed from the Yearn wBTC vault."

 

"This news comes after bad actors hacked BadgerDAO, a decentralized autonomous organization that lets users stake BTC as collateral across DeFi applications. The attack saw the DAO lose $120 million (£90.41). The hack allegedly saw Celsius Network lose over $50 million (£37.67 million) worth of wrapped Bitcoin (wBTC)."

 

"Here’s the breakdown of affected assets. 2017 BTC (~$113m) 53 DIGG (~3.2m) 26.56 ETH (~0.1m) 730 CVX (~0.018m) The affected assets will be accounted for in BTC and USD at the time of the exploit. BTC is disproportionately the largest asset lost and USD is a recognized global unit of account." "When all affected assets are converted to BTC at the time of the hack this is approximately 2076.54 BTC (~$116.3m USD at time of hack) 2019.37 BTC if DIGG is excluded for consideration by the community for special compensation."

 

"Badger immediately paused most vault activity within 30 minutes of the alert. A handful of older contracts with a single, inaccessible guardian were paused approximately 15 hours later."

 

"In partnership with cybersecurity firm Mandiant, Badger prepared a technical document outlining the understanding of how the front end attack happened."

 

"Badger believes that, as publicly reported, the phishing incident that occurred on 2 Dec, 2021 was the result of a maliciously injected snippet provided by Cloudflare Workers. Cloudflare Workers is an interface to run scripts that operate on and alter web traffic as it flows through Cloudflare proxies. The attacker deployed the worker script via a compromised API key that was created without the knowledge or authorization of Badger engineers. The attacker(s) used this API access to periodically inject malicious code into the Badger application such that it only affected a subset of the user base."

 

"Per the responses on the Cloudflare forum, the vulnerability appears to have been mitigated around September 29." "Badger is continuing to work with Cloudflare to collect more relevant data, fully scope this incident and assist in their own post-mortem."

 

"Per BIP-33, addresses approved on the guardian contract have the ability to pause contracts. The pausing functionality of these contracts operates in a manner that blocks any deposit, withdrawal, transfer for ERC20 vaults, withdrawals from strategies, and any minting/redeeming of ibBTC until the unpause function is called on them. Unpausing is restricted to the Dev Multisig, which requires governance approval. Eight older strategies and one vault also require a timelock to unpause."

 

"Most contracts were paused by 3:30 AM UTC. Some older vaults, (namely bcrvRenBTC, bcrvSBTC, bcrvTBTC, bBADGER, bharvestcrvRenBTC and buniWbtcBadger) do not have pause functionality on the vault contract. Their strategies were nevertheless paused to prevent withdrawals. At the time Badger engineers were unable to access the guardian account of the bBADGER, bharvestcrvRenBTC and buniWbtcBadger strategies. Further investigation revealed the strategist who helped come up with this smart contract idea also had pausing capabilities, and pausers were eventually able to pause the strategies with the strategist account."

 

"[T]he last malicious withdrawal from the unpaused vaults occurred at 4:57 AM UTC. All withdrawals that took place after this and until the pausing of the last strategy were conducted by regular users." "It is also worth mentioning that the attacker was able to compromise non-Sett tokens, such as BADGER, wBTC, CVX and cvxCRV, and was able to liquidate them after Badger had enacted the pauses."

 

"The Badger Cloudflare account has had the password updated, MFA changed and all API keys either deleted or refreshed where possible."

 

"Badger is working with Chainalaysis, Mandiant, and the crypto exchanges as well as authorities in the US and Canada to recover any funds possible."

 

"Following the attack, Badger engineers, together with world class blockchain and Web2 cybersecurity experts Mandiant, conducted a full review of our security practices, looking at everything from the smart contract layer, to the app infrastructure, to how we communicate with and educate users."

 

"While Badger's smart contracts were not involved in the attack, we are continuing to follow Solidity development best practices, including: Partnering with some of the leading auditing firms to audit code for new functionality and features. A growing working group of security-minded Solidity developers who review new contracts. Each new strategy and vault is peer reviewed by two developers, before being approved by a senior developer. For incremental improvements collaborating on peer-reviews by trusted white hats, emerging contract security-focused DAOs, and public security auditing contests and bounties. Badger’s $750k bug bounty with Immunefi on smart contracts has yet to be claimed, and provides a strong incentive for white hat reporting of vulnerabilities."

 

"Badger is currently working with cybersecurity firm Halborn to conduct a thorough security audit of our new infrastructure."

 

"After extensive internal security reviews, upgrades, and the implementation of new safeguards with the support of Mandiant, Badger smart contracts have been safely reactivated."

 

"The BadgerDAO treasury’s non-native assets currently earmarked to be used for long-term operational runway can be used to commit to compensation efforts. This money could be immediately paid to victims either directly or indirectly."

 

"The non-circulating BADGER currently held by BadgerDAO could be scheduled to be emitted over a fixed timeframe to victims. This program should be evaluated at the end of that chosen timeframe."

 

"BadgerDAO could create and distribute an accounting token to victims. This would allow BadgerDAO’s team to pursue novel yield farming programs and redirect future yields to victims over a fixed timeframe. This program should be evaluated at the end of that chosen timeframe."

 

"[S]ome funds were transferred by the exploiter but not yet withdrawn from the Badger vaults." "As per BIP 78, all Recoverable Assets have been returned to the wallets from which they were taken. This represents close to 40% of all affected users." "Harvests will resume shortly and will include awards accrued since pausing. Users who withdraw from a vault position prior to the next harvest cycle will forfeit the accrued rewards from that position."

BadgerDAO suffered a massive attack on their smart contract hot wallets. In this case, the vulnerability was not inherently in the contract, but they were tricked into adding an additional API connection, which allowed the attacker to inject malicious code. So far, the security of the smart contract has een improved and 40% of funds have been recovered. There are suggestions of other measures to recover the rest.

HOW COULD THIS HAVE BEEN PREVENTED?

There are a number of ways to prevent and mitigate this situation. It is far more secure to have the majority of funds in a multi-signature wallet where keys are stored offline by multiple operators. This would limit the potential loss to only those funds being actively within the hot wallet. Audits can be used to reduce the risks on the hot wallets further, and we advocate at least 2 reviews would be required prior to a project launch. We also propose a comprehensive industry insurance fund which could be available to assist.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.