A phishing attack hit BadgerDAO. As a result, the DeFi protocol, which runs on top of the Ethereum blockchain, lost more than $130M.
Here is a 1-minute summary of the article if you want to skip the reading.
Type of Phishing Attack
Cloudflare Workers had a weak point: it allowed users to create accounts and view global API keys before email verification was completed. Unfortunately, this created a loophole that allowed attackers to gain API access for specific users.
On-Chain Malicious Approval
The attacker used that API access to inject malicious code through Cloudflare Workers, intercept web3 transactions, and insert an approval that let a foreign address operate on the ERC-20 tokens in users' wallets.
The attackers used several anti-detection techniques: they applied and removed their script periodically, and they used multiple proxies and VPN IP addresses to hide their true identity.
What Has Really Happened
In plain English, the attackers could create a fake account without needing to verify their email address, and they were able to access users' data from the database. They could even create their own applications to intercept users' transactions, create a fake address, execute code, and send funds to that address without the administrator being aware of any suspicious activity.
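The damage described above came from users signing an ERC-20 approval for a spender they never meant to trust. The following is an added example, not code from the original post or from BadgerDAO, of the pre-signature check a wallet front-end or browser extension could run on a pending web3 transaction: it decodes approve()/increaseAllowance() calldata and blocks approvals to spenders outside a known allowlist, warning on unlimited approvals even to known ones. The contract addresses, the allowlist and the sample transactions are constructed placeholders.

```javascript
// Added example (not from the original post): a pre-signature check that a
// wallet front-end or browser extension could run on a pending web3 transaction.
// It decodes ERC-20 approve()/increaseAllowance() calldata and flags approvals
// that hand a spender control over the user's tokens, the class of transaction
// a malicious front-end script slips into the UI. Addresses and the allowlist
// below are constructed placeholders.

const SELECTORS = {
  "0x095ea7b3": "approve",            // keccak256("approve(address,uint256)")[:4]
  "0x39509351": "increaseAllowance",  // keccak256("increaseAllowance(address,uint256)")[:4]
};

const MAX_UINT256 = (1n << 256n) - 1n;

// Decode an ERC-20 approval call. Returns null when the calldata is not an
// approval (other selector, or malformed length/encoding).
function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64) return null;             // selector + two 32-byte ABI words
  const fn = SELECTORS["0x" + hex.slice(0, 8)];
  if (!fn) return null;
  const spenderWord = hex.slice(8, 72);
  if (!/^0{24}[0-9a-f]{40}$/.test(spenderWord)) return null; // address word is left-padded with zeros
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { fn, spender, amount, unlimited: amount === MAX_UINT256 };
}

// Decide whether a pending transaction should be blocked, warned about, or allowed.
// allowedSpenders: lowercased contract addresses the user legitimately interacts
// with (for a vault-style protocol, the vault contracts themselves).
function assessApproval(tx, allowedSpenders) {
  const approval = decodeApproval(tx.data || "0x");
  if (!approval) return { verdict: "allow", reason: "not an ERC-20 approval" };
  const known = allowedSpenders.has(approval.spender.toLowerCase());
  if (!known) {
    return { verdict: "block", reason: `${approval.fn} to unknown spender ${approval.spender}`, approval };
  }
  if (approval.unlimited) {
    return { verdict: "warn", reason: `unlimited ${approval.fn} to ${approval.spender}`, approval };
  }
  return { verdict: "allow", reason: `${approval.fn} of ${approval.amount} to known spender`, approval };
}

// --- constructed sample data (placeholders, not real addresses) ---
const VAULT = "0x" + "11".repeat(20);      // placeholder: the protocol's own vault contract
const ATTACKER = "0x" + "ee".repeat(20);   // placeholder: a foreign address an injected script would insert
const TOKEN = "0x" + "22".repeat(20);      // placeholder: the ERC-20 token contract being called
const ALLOWLIST = new Set([VAULT]);

// ABI-encode approve(spender, amount) the way a web3 library would.
function encodeApprove(spender, amount) {
  return "0x095ea7b3" + spender.slice(2).padStart(64, "0") + amount.toString(16).padStart(64, "0");
}

const SAMPLE_TXS = [
  { to: TOKEN, data: encodeApprove(VAULT, 1000n) },            // normal, bounded deposit approval
  { to: TOKEN, data: encodeApprove(VAULT, MAX_UINT256) },      // unlimited, but to a known spender
  { to: TOKEN, data: encodeApprove(ATTACKER, MAX_UINT256) },   // unlimited approval to a foreign address
  { to: TOKEN, data: "0xa9059cbb" + "00".repeat(64) },         // transfer(), not an approval
];

function runSamples() {
  return SAMPLE_TXS.map((tx) => assessApproval(tx, ALLOWLIST).verdict);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const tx of SAMPLE_TXS) console.log(assessApproval(tx, ALLOWLIST));
}
```

The allowlist is the important design choice: a compromised front-end can change which spender it asks for, but it cannot change the set of contracts the wallet or extension has pinned on the user's side, so the check catches the substitution even when the page itself looks normal.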
Layer 2 Is Unsecured
The problem with many DeFi projects is that they launch as quickly as possible without ever undergoing a security audit. Once the platform is connected to the internet, attacks can come from anywhere, 24/7. The security of each transaction needs to be enforced within the blockchain itself rather than by moving actual funds on layer 2.
Many hacking incidents have caused losses of many millions of dollars. So when will people learn the lesson without losing their clients' money?
This article is also published in Cryptologist as a partnership publication.
Photo by Shubham Dhage on Unsplash
Note: the post was shared on multiple platforms.
You can refer to my previous articles here:
Digital Commodities- the Unlimited Resources of Commodities Has Born
Universal Income in Crypto Way
DeFi 1.0 is Officially Dead - Welcome to DeFi 2.0
NFT Has a New Purpose
How Many Ads Are Too Much - Floki Inu Ads Got Backfire
Metaverse - Second Life Era
Bitcoin ATM Adoption and Its Potential Security Vulnerabilities
When Corporations Are Running By Everyone
The Fundamental Value Is Irrelevant
Coinbase At Huge Reputation Crisis
CBDCs' Flaw Design
Regulations Start Hitting Crypto Exchanges
From Bitcoin Standard To Zero-Knowledge Proofs - Decentralization 2.0
Shiba Hits 1 Million Users (Army) Milestone: What is Next?
How To Avoid Crypto Scammers
Shiba Game - When Meme Meets Metaverse
Twitter CEO Steps Down - A Full-Time Bitcoiner
Change of Macroeconomy Landscape
CBDC Is Losing The Game
Doge The Future
El Salvador's Bitcoin
Market Sentiment Has Changed
Brief History of Ethereum and How Ethereum 2.0 May Over Promise
Crypto Is Getting Real
Who Cares If Craig Wright Is The Real Satoshi
Institutional Investors vs. Whales
Disclosure: The article was written by a delusional author who is possibly a nut job without any questions whatsoever about expertise in the subject matters. You should not believe any words this author wrote or you may experience similar symptoms or even possibly become a nut job.