Someone Stole $120 Million in Crypto From a DeFi Website (theverge.com)
The Verge reports:
On Wednesday night, someone drained funds from multiple cryptocurrency wallets connected to the decentralized finance platform BadgerDAO. According to the blockchain security and data analytics PeckShield, which is working with Badger to investigate the heist, the various tokens stolen in the attack are worth about $120 million.
While the investigation is still ongoing, members of the Badger team have told users that they believe the issue came from someone inserting a malicious script in the UI of their website. For any users who interacted with the site when the script was active, it would intercept Web3 transactions and insert a request to transfer the victim's tokens to the attacker's chosen address. Because of the transparent nature of the transactions, we can see what happened once the attackers pounced. PeckShield points out one transfer that yanked 896 Bitcoin into the attacker's coffers, worth more than $50 million.
According to the team, the malicious code appeared as early as November 10th, as the attackers ran it at seemingly random intervals to avoid detection....
One of the things Badger is investigating is how the attacker apparently accessed Cloudflare via an API key that should've been protected by two-factor authentication...
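The summary above describes a script that inserted a request moving the victim's tokens to an attacker-chosen address. As an added example (not code from Badger, PeckShield or The Verge), this pre-signing check decodes standard ERC-20 calls and blocks any whose recipient or spender is not on a trusted list; the function names, the trusted list and every address are assumptions constructed for illustration.

```javascript
// Added example. All addresses are constructed placeholders, not values from the incident.
const TOKEN_CALLS = {
  "a9059cbb": { name: "transfer", counterpartyWord: 0, amountWord: 1 },     // transfer(address,uint256)
  "095ea7b3": { name: "approve", counterpartyWord: 0, amountWord: 1 },      // approve(address,uint256)
  "23b872dd": { name: "transferFrom", counterpartyWord: 1, amountWord: 2 }  // transferFrom(address,address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode the 4-byte selector and the 32-byte argument words of an ERC-20 call.
function decodeTokenCall(data) {
  const hex = String(data || "").replace(/^0x/i, "").toLowerCase();
  if (!/^[0-9a-f]*$/.test(hex)) return { malformed: true };
  const spec = TOKEN_CALLS[hex.slice(0, 8)];
  if (!spec) return null; // not one of the token calls this check covers
  const words = hex.slice(8).match(/.{64}/g) || [];
  if (words.length <= spec.amountWord) return { malformed: true };
  const addrWord = words[spec.counterpartyWord];
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!/^0{24}/.test(addrWord)) return { malformed: true };
  return {
    name: spec.name,
    counterparty: "0x" + addrWord.slice(24), // recipient or spender
    amount: BigInt("0x" + words[spec.amountWord])
  };
}

// Decide whether a transaction request should reach the signing prompt.
function reviewTransaction(tx, trusted) {
  const call = decodeTokenCall(tx.data);
  if (call === null) return { verdict: "allow", reason: "not a token transfer or approval" };
  if (call.malformed) return { verdict: "block", reason: "malformed calldata" };
  if (!trusted.has(call.counterparty)) {
    return { verdict: "block", reason: `${call.name} names unknown address ${call.counterparty}` };
  }
  if (call.name === "approve" && call.amount === MAX_UINT256) {
    return { verdict: "review", reason: "unlimited approval" };
  }
  return { verdict: "allow", reason: `${call.name} to trusted address` };
}

// Constructed sample requests (hypothetical vault and unknown addresses).
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sample = (selector, ...args) => "0x" + selector + args.map(word).join("");
const VAULT = "0x" + "11".repeat(20);
const UNKNOWN = "0x" + "99".repeat(20);
const TRUSTED = new Set([VAULT]);
console.log(reviewTransaction({ data: sample("095ea7b3", UNKNOWN, "ff") }, TRUSTED));
```

The check only covers the three token calls listed; plain value transfers and other contract methods pass through as "allow" and need their own rules.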
And nothing (Score:5, Insightful)
Re:And nothing (Score:5, Insightful)
And nothing of value was lost. This tulip mania is destroying the environment.
In the case of Bitcoin a lot of people have got rich, and I mean real fiat currency rich, off it.
Like it or not Bitcoin has real value, it can be exchanged for real goods and services, or fiat currency.
Maybe it's not really worth $50M, but it's certainly worth a considerable sum of real money and if they can't refund it I imagine there will be a lawsuit.
Right, just like tulip bulbs until that Ponzi scheme collapsed.
Re: (Score:2)
Re: (Score:3)
You don't seem to know the difference between a bubble and a Ponzi scheme. They're very different things.
Cut them some slack, no one saw Charles Ponzi’s scheme coming and it had his name right in it.
Re: (Score:2)
You don't seem to know the difference between a bubble and a Ponzi scheme. They're very different things.
Re: (Score:1, Insightful)
Everything is worth what someone is willing to trade for it.
(Wisely or otherwise.)
Re: (Score:2)
Everything is worth what someone is willing to trade for it.
(Wisely or otherwise.)
This is the simple and yet fundamentally correct answer. Just because someone doesn’t value something doesn’t mean it has none. Liquidity measures value and bitcoin is quite liquid without large valuation loss even in 8 or 9 digit whole USD transactions.
Re: (Score:1)
Everything is worth what someone is willing to trade for it.
(Wisely or otherwise.)
This is the simple and yet fundamentally correct answer. Just because someone doesn’t value something doesn’t mean it has none. Liquidity measures value and bitcoin is quite liquid without large valuation loss even in 8 or 9 digit whole USD transactions.
Actually, no. That simplification is not fundamental at all, and often incorrect.
How much are you willing to trade for a dose of medication to save your life? Are you willing to trade more than you are able to trade? How much are you willing to trade that same dose of medication when you have no use for it?
How about food that you cannot eat because you are full? How about the food that a starving minor is willing to trade sexual favors for?
This got dark really fast, yet you said that it is simple and fundamen
Re: (Score:2)
Even today I saw on eBay a 15 year old Pentium p90 PC and the seller was asking $350 dollars!! It had no bids though so if anyone fancies an overpriced old Gateway PC then pop along now and make that person happy.
Re: (Score:1)
Re: And nothing (Score:2)
Re: (Score:2)
This is nothing like the stock market. The stock market includes the primary market (a.k.a IPOs), which is a mechanism of capital accumulation that allows companies to raise funds to grow; and the secondary market (what you probably think of as "the stock market") where people can transfer ownership of [parts of] businesses. There is a zero-sum game aspect to active trading, but the stoc
Re: (Score:2)
In the case of Bitcoin a lot of people have got rich, and I mean real fiat currency rich, off it.
Like it or not Bitcoin has real value, it can be exchanged for real goods and services, or fiat currency.
That was exactly what they said about tulip bulbs.
Re: (Score:2)
You do realize the Tulip Bulb thing is mostly a myth, right? It wasn't that big of a deal.
https://www.smithsonianmag.com... [smithsonianmag.com]
If that's your best argument against it, Crypto is pretty safe.
Re: (Score:2)
Re: (Score:2)
For bitcoin, money in = money out. Every dollar someone got out of it, someone else lost - though quite possibly, the losers haven't realized it yet.
And that's not even taking into account money spent on mining rigs and electricity.
Re: (Score:2)
Re: (Score:2)
It IS true of actual currency.
Which is why you use it to pay for things, rather than holding on to it in the hope of collecting rents.
Re: (Score:2)
Like it or not Bitcoin has real value
No it has perceived value. As soon as that perception changes that value vanishes. Bitcoin has no base real world utility which would peg it to a source of value.
Wasting electricity is not a source of value.
Re: (Score:2)
Since BC produces nothing of value, any gain is somebody else's loss. Hence for anybody getting rich, others got poorer. Like in any good scam.
So no, BC has absolutely no real value.
Re:And nothing (Score:5, Insightful)
Bitcoin has real value only because people have been convinced it does. If rich people started talking up dog shit, there would be a rush on that, until people figured out it was just shit.
Re: (Score:3)
Re: And nothing (Score:2)
The same reason gold has value.
For the last 7000 years.
Re: (Score:3)
Don't forget dubious financial derivatives, junk mortgage-backed securities and NFTs. All pretty much worthless unless you convince enough people they are the cat's meow.
Re: (Score:2)
The same reason gold has value.
For the last 7000 years.
Nope. Gold has about half of its market value in actual industrial application value these days. That means it will not fall below that price. Even at its current price, it is used industrially, but it would be used a lot more if it was cheaper.
Re: (Score:2)
The same reason gold has value.
For the last 7000 years.
Nope. Gold has about half of its market value in actual industrial application value these days. That means it will not fall below that price. Even at its current price, it is used industrially, but it would be used a lot more if it was cheaper.
And that's true for... how much of human history? 50 years perhaps? 100? Before that its only real use was jewelry, use in which it could be perfectly replaced by tombak, except, you know... tombak isn't gold.
Re: (Score:2)
So you can make jewelry out of gold. Can't make anything out of bitcoin.
Re: (Score:2)
Re: And nothing (Score:2)
I can make an NFT out of Bitcoin.
Re: And nothing (Score:2)
Re: (Score:2)
Pyrite Pete in particular was a pugnacious Bitcoin Maximalist(tm) that would talk down any innovation in blockchain technology that was not Bitcoin. Don't think that any of these posters are in league with him (per se).
But yes a lot of money was lost, even if r/Buttcoin is likely chuckling over the incident.
Re: (Score:2)
At least with tulips you could plant them.
Re: (Score:2)
https://www.barrons.com/articl... [barrons.com]
https://www.smithsonianmag.com... [smithsonianmag.com]
Re: (Score:2)
You do realize the Tulip Bulb thing is mostly a myth, right? It wasn't that big of a deal.
https://www.barrons.com/articl... [barrons.com]
If that's your best argument against it, Crypto is pretty safe.
Correction (Score:2)
This tulip mania is destroying the environment.
To be fair, this tulip mania is adding a small bit to the top of the energy usage that is destroying the environment.
My sitting here being pedantic with a tablet is doing the same.
They know where it went but.... (Score:5, Interesting)
Because of the transparent nature of the transactions, we can see what happened once the attackers pounced.
Which is all well and good but it goes to an anonymous wallet, you can't see who owns it and given some exchanges being quite happy to have low to non-existent ID verification you've no way to track ultimately where it ended up in fiat currency. It always makes me laugh when people bang on about the security of crypto because it is almost child's play to steal and because the exchanges are unregulated there's no comeback or method of recourse for the victim if the company/institution involved chooses to do nothing.
Re:They know where it went but.... (Score:4, Informative)
Re: (Score:2)
It’s more than not keeping track, there are exchanges that bundle fairly large batches of transactions together then fragment and scramble everything so that it’s not possible to determine exactly where the money went, even with a public ledger. Money laundering is the main feature, not a bug.
No, privacy is the main feature. Yes, like ALL forms of privacy, it enables crime, which is always the excuse of any totalitarian government who wants to take away the privacy. Well, this time you won't take it away from us.
Re: (Score:1)
Re: (Score:2)
Because of the transparent nature of the transactions, we can see what happened once the attackers pounced.
Which is all well and good but it goes to an anonymous wallet, you can't see who owns it and given some exchanges being quite happy to have low to non-existent ID verification you've no way to track ultimately where it ended up in fiat currency. It always makes me laugh when people bang on about the security of crypto because it is almost child's play to steal and because the exchanges are unregulated there's no comeback or method of recourse for the victim if the company/institution involved chooses to do nothing.
Uhhh, and yet whenever someone brings up that crypto enables anonymous transactions, immediately detractors appear to yell it's only pseudonymous not anonymous, and it's trivial to track transaction history, and deanonymize accounts at the moment they get changed into currency. So, which one is it? You can't have it both ways.
Re: (Score:1)
LOL, who said a ... (Score:2)
... huge heist was something of the past?
Re: (Score:3)
It's more tulips all the way down.
Re: "Decentralised finance platform" (Score:2)
There's a distinction on every exchange between the backend trading platform and the easy-to-use web front end. This is no different. Coinbase has the same kinds of problems with a non-DeFi platform.
it's a new business model (Score:5, Insightful)
It's not the first time it happens and definitely not the last.
Re: (Score:3)
Re: (Score:2)
Actually the contract looks airtight. PolyDEX was flawed from its inception, for example. BadgerDAO's mistake was using an insecure website as an interface for the smart contract.
Stored XSS for the win. (Score:2)
Feature not bug (Score:3)
You want DeFi tokens so "the man" can't track you or tax you. Instead, you put your trust into anonymous programmers and miners that only have their own interests in mind. There are no legal protections, no recourse, and no undo. The entire space is filled with theft, cons, scams, pump and dumps, and rug pulls. RugPullCoin will be my next project and I expect a lot of takers, haha. Call badger customer service.
This is how I know crypto has no real value (Score:3)
These are the sort of things and a sort of constant scandals that should undermine investor confidence and lead to either a market collapse or a complete reevaluation in how the market functions. But crypto keeps on keeping on the same way. The reason is nobody really cares when they lose a ton of money and a reason for that is that all the real money in crypto besides a handful of speculators is money laundering.
Re: (Score:3)
And the price of Bitcoin just dropped 16% for no discernible reason.
There is always a reason why things happen.
In this case it was one of the most common reasons for large crashes: a lot of liquidations of greedy, overleveraged traders in a relatively illiquid market.
Re: (Score:2)
still up 160% since this day last year.
You can't have that kind of gain without volatility.
Re: (Score:2)
Re: (Score:1)
If they were investors, it would, because (Score:2)
real investors do due diligence. These are gamblers, and they're taking a lot of the credulous and desperate with them Pinocchio style.
Rich people's problems (Score:3)
Everyone ~wins (Score:1)
Crappy websites for crappy "coins" (Score:2)
Greed is not a valid substitute for actual skill and insight. This is just another nice demonstration for that.
Oh, and incidentally, real banks handling real currencies are tightly regulated to prevent crap like this (among other things).
Wrong unit of measure! (Score:2)
I don't want to be told what it was worth in "dollars". That silly fiat currency shouldn't be used for comparison. I need to know what it's worth in Polkadot.
It's this kind of stability and security... (Score:1)
Add in the ridiculous levels of energy needed to process each and every transaction and, golly, I really think this could be my favorite product of the 21st century.
XOXOXO,
Satan