
Badger DAO, a decentralized autonomous organization (DAO) that enables bitcoin (BTC) to be used as collateral across decentralized finance (DeFi) applications, has fallen victim to an exploit. 

It was originally speculated that the project had lost over USD 10m worth of cryptoassets. However, Etherscan transactions suggest that one of the affected users has lost around 897 WBTC (wrapped BTC) (USD 51m), implying that the hack is much bigger than initially thought.

Furthermore, Etherscan transactions show that the hacker has taken WBTC 1,085, 136,000 cvxCRV (Convex CRV), 64,000 veCVX, and other forms of vaulted and synthetic crypto assets from users' wallets, pushing the amount stolen over USD 62m.

The Badger team has confirmed the hack, saying that they have "received reports of unauthorized withdrawals" of user funds, and that smart contracts have been paused to stop withdrawals.

Meanwhile, some users speculate that the attacker has been "sneaking in approvals in between legit deposit and reward transactions," stealing funds for approximately 12 days, adding that it could be a so-called rug pull, when developers abandon a project and run away with investors' funds.

However, Badger core contributor Tritium said on Discord that some users might have approved the exploit address to operate on their vault funds. "It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds and that was exploited," Tritium said.

"Once we noticed we froze all the vaults so nothing can move and are trying to figure out where the approvals came from, how many people have them, and what next steps are," Tritium added.
