Get Mystery Box with random crypto!

​DeFi project BadgerDAO team reveals $ 121 million hack detail | Cryptocurrency Bitcoin NEWS

DeFi project BadgerDAO team reveals $ 121 million hack details

The BadgerDAO DeFi protocol team revealed the details of the recent hack and reported that during the attack, the hackers used the Cloudflare Workers service, which allows them to deploy scripts on the company's cloud network.

The developers took notice of a post that appeared on the Cloudflare forum at the end of September. One contributor noticed that unauthorized users can register accounts and create and view API tokens that cannot be deleted or deactivated until email verification is complete.

After completing these steps, an attacker can wait for the account to be verified and completed, thus gaining access to the API.

After the incident, the BadgerDAO team analyzed the Cloudflare logs and found traces of unauthorized account registration and key generation for three APIs.

In mid-September, developers "unknowingly completed account registration" for one of the compromised interfaces, which was "used for legitimate Cloudflare management activities."

“The user interface does not make it clear that the account has already been created, so a key was generated for the API. On November 10, an attacker used API access to inject malicious scripts through Cloudflare Workers into the html file of the app.badger.com website, ”the developers wrote.

The hacker has stolen assets worth more than $ 130 million, but about $ 9 million can be returned, since they have not yet been removed from the protocol vaults. Thus, the damage exceeded $ 121 million.

The project team reported that it has already closed the exploit that made the attack possible, updated the password for the Cloudflare account, and deleted or updated the API keys.

Since the hacker has not yet been identified, BadgerDAO enlisted Mandiant and Chainalysis to investigate the incident. The developers added that they are cooperating with law enforcement agencies in the United States and Canada.

In a conversation with Bloomberg, a representative of Cloudflare emphasized that the company's systems "were not hacked," and there are no vulnerabilities in the Workers service.

“Last week we learned about the BadgerDAO incident. We contacted the project team and provided active assistance in the investigation, ”he said.
Nächste Nachricht
telegram-crypto.com © 2016-2024
Non official site about Telegram
Alle Rechte vorbehalten. Das Kopieren und die Verwendung des gesamten Materials ist verboten, ein teilweises Zitieren ist nur mit einem Hyperlink auf die Website telegram-crypto.com möglich.