The Badger DAO yield vault protocol, a mainstay of decentralized finance (DeFi), has become the latest victim of a hack, resulting in the loss of $10 million in cryptocurrencies.
Users first noted potential issues and theft in the protocol's Discord on Wednesday at 9 p.m. EST.
According to community speculation, the attack was caused by an exploit in the Badger.com user interface rather than in the core protocol contracts. Many impacted users claim that their wallet providers prompted them with illegitimate requests for additional permissions while they were receiving yield farming rewards and engaging with Badger vaults.
“It looks like a bunch of users had approvals set for the exploit address allowing [the address] to operate on their vault funds, and that was exploited,” Badger’s core contributor Tritium stated on Discord.
He added that as soon as the team noticed it, it froze all the vaults to prevent any movement. He went on to say that the team is trying to figure out where the approvals came from, how many people have them, and what the next moves are.
The team confirmed the hack on Twitter, saying that all smart contracts have been paused to stop further withdrawals. It added that the investigation is ongoing and that the team will release further information as soon as possible.
Badger loses over $10 million
Reports by various sites say that the Badger hack has taken around 185 WBTC, 64,000 veCVX, 136,000 cvxCRV, and many types of synthetic bitcoin from attacked wallets, worth more than $10 million in total.
At the time of publication, Badger DAO’s token BADGER is already down by 19% and is trading around $22.16.
While most of the funds were lost on Wednesday night, the above-mentioned fake permission request may have been made days prior to the hack.
Although the smart contracts have been paused, community members are advising depositors to use tools like Debank and Unrekt to revoke permissions for the fake contract.
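The revocation advice above comes down to finding every token approval that still names the flagged address as spender. The following is an added example, not code from Badger or from the tools named: it replays ERC-20 Approval event logs and lists the allowances that remain non-zero. The log dictionary shape (modelled on eth_getLogs results, with integer block numbers) and all addresses are constructed for illustration.

```python
# ERC-20 Approval(address,address,uint256) event signature hash (topic0).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the "unlimited" allowance many interfaces request

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order and return {(token, owner): value}
    for allowances to `spender` whose latest Approval is non-zero.
    The on-chain allowance(owner, spender) call remains authoritative, since
    transferFrom can lower an allowance without emitting Approval."""
    spender = spender.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

# --- Constructed sample data: placeholder addresses, not real ones ---
def _pad(addr): return "0x" + "0" * 24 + addr[2:]
def _log(token, owner, spender, value, block, idx=0, topic0=APPROVAL_TOPIC):
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [topic0, _pad(owner), _pad(spender)],
            "data": "0x" + format(value, "064x")}

TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB = "0x" + "aa" * 20, "0x" + "bb" * 20
FLAGGED, OTHER = "0x" + "ee" * 20, "0x" + "cc" * 20
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

SAMPLE_LOGS = [
    _log(TOKEN_1, BOB, FLAGGED, 0, block=105),              # Bob revokes later
    _log(TOKEN_1, ALICE, FLAGGED, MAX_UINT256, block=100),  # still outstanding
    _log(TOKEN_1, BOB, FLAGGED, 5, block=101),
    _log(TOKEN_2, ALICE, OTHER, MAX_UINT256, block=102),    # different spender
    _log(TOKEN_2, ALICE, FLAGGED, 7, block=103, topic0=TRANSFER_TOPIC),  # not an Approval
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_allowances(SAMPLE_LOGS, FLAGGED).items():
        print(f"revoke: owner={owner} token={token} allowance={value}")
```

Each entry returned is an approval the owner would clear by approving the same spender for zero on that token contract.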