Date: 2021-12-03

Around $120 million (roughly Rs 899 crore) was stolen from multiple cryptocurrency wallets on the decentralised finance platform BadgerDAO on Wednesday. BadgerDAO is now investigating the issue with blockchain data and analytics firm PeckShield. A report in The Verge says that members of the BadgerDAO team have told users they believe the issue came from someone inserting a malicious script into the UI of their website.

For users who interacted with the site while the malicious script was active, the script would intercept Web3 transactions and insert a request to transfer the victim’s tokens to the attacker’s chosen address. The good part is that, due to the transparent nature of the platform, everyone can see what happened once the attackers launched their script. PeckShield said that one transfer put 896 Bitcoins worth more than $50 million (roughly Rs 374 crores) into the attackers’ account.

The malicious script appeared as early as November 10 on the BadgerDAO website, and the attackers ran it at random intervals to avoid detection. However, once the BadgerDAO system became aware of the issue, it paused all smart contracts, basically freezing its platform, and advised users to decline all transactions to the attacker’s address.

“Badger has retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own,” the company said in a tweet. While the attack did not reveal any specific flaw in the blockchain, the attackers managed to exploit the web 2.0 technology that is used to perform transactions.

It is not known what funds can be recovered or how the affected users will be compensated for their loss.

