The team behind the DeFi protocol BadgerDAO has published the details of the recent hack, reporting that the attackers made use of Cloudflare Workers, a service that lets customers deploy scripts on Cloudflare's cloud network.
We believe that all remediation decisions should be made as a community with strong consideration for the long-term health of the DAO and victims of this incident.
You can review a detailed technical post mortem of the incident below.
— ₿adgerDAO 🦡 (@BadgerDAO) December 10, 2021
The developers drew attention to a post that appeared on the Cloudflare community forum at the end of September. A participant had noticed that users could register accounts and create and view API tokens before completing email verification, and that those tokens could not be deleted or deactivated until verification was completed.
Having done this, an attacker only needs to wait for the account to be verified and its registration completed, at which point the pre-created token grants access to the API.
After the incident, the BadgerDAO team analyzed the Cloudflare logs and found traces of unauthorized account registration and key generation for three APIs.
In mid-September, developers “unknowingly completed account registration” for one of the compromised interfaces, which was “used for legitimate Cloudflare management activities.”
“The user interface does not make it clear that the account has already been created, so a key was generated for the API. On November 10, an attacker used API access to inject malicious scripts through Cloudflare Workers into the HTML file of the app.badger.com website,” the developers wrote.
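The pre-registration flaw described above, modelled as an added example (not Cloudflare's or BadgerDAO's code): an attacker registers an account and mints a token before the legitimate owner verifies the email. The weak variant keeps that token valid after verification; the hardened variant revokes every token issued before the verification event. All names and the sequence counter standing in for timestamps are assumptions of this model.

```python
"""Model of an API token minted before email verification surviving verification."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import secrets


@dataclass
class Token:
    value: str
    issued_seq: int          # monotonic counter standing in for an issued_on timestamp
    revoked: bool = False


@dataclass
class Account:
    email: str
    verified_seq: Optional[int] = None   # counter value at which the email was verified
    tokens: List[Token] = field(default_factory=list)


class AccountService:
    """Hypothetical account store; revoke_on_verify selects the hardened behaviour."""

    def __init__(self, revoke_on_verify: bool):
        self.revoke_on_verify = revoke_on_verify
        self.accounts: Dict[str, Account] = {}
        self.seq = 0

    def _tick(self) -> int:
        self.seq += 1
        return self.seq

    def register(self, email: str) -> Account:
        # Registration creates an unverified account; anyone may do this for any email.
        return self.accounts.setdefault(email, Account(email))

    def create_token(self, email: str) -> str:
        # Weak design point: tokens can be minted while the account is still unverified.
        tok = Token(secrets.token_hex(16), self._tick())
        self.accounts[email].tokens.append(tok)
        return tok.value

    def verify_email(self, email: str) -> None:
        acct = self.accounts[email]
        acct.verified_seq = self._tick()
        if self.revoke_on_verify:
            # Hardened: anything issued before the owner proved control of the email is untrusted.
            for t in acct.tokens:
                if t.issued_seq < acct.verified_seq:
                    t.revoked = True

    def api_call(self, email: str, token_value: str) -> bool:
        acct = self.accounts[email]
        tok = next((t for t in acct.tokens if t.value == token_value), None)
        return tok is not None and not tok.revoked and acct.verified_seq is not None


def simulate(revoke_on_verify: bool) -> bool:
    """Returns True if the attacker's pre-verification token still works after verification."""
    svc = AccountService(revoke_on_verify)
    svc.register("ops@example.com")                 # attacker pre-registers the victim's email
    attacker_token = svc.create_token("ops@example.com")
    svc.verify_email("ops@example.com")             # legitimate owner later completes registration
    return svc.api_call("ops@example.com", attacker_token)
```

`simulate(False)` reproduces the reported behaviour (the attacker's token becomes usable once the owner verifies), while `simulate(True)` shows the fix.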
The hacker stole assets worth more than $130 million, but about $9 million can be recovered, since those funds have not yet been withdrawn from the protocol's vaults. The net damage therefore exceeds $121 million.
Assets stolen by a hacker. Data: BadgerDAO.
The project team reported that it has already closed the hole that made the attack possible, changed the password for the Cloudflare account, and deleted or rotated the API keys.
Since the hacker has not yet been identified, BadgerDAO enlisted Mandiant and Chainalysis to investigate the incident. The developers added that they are cooperating with law enforcement agencies in the United States and Canada.
In a conversation with Bloomberg, a representative of Cloudflare emphasized that the company’s systems “were not hacked,” and there are no vulnerabilities in the Workers service.
“Last week we learned about the BadgerDAO incident. We contacted the project team and provided active assistance in the investigation,” he said.
As a reminder, in September unknown persons gained unauthorized access to Bitcoin.org and placed a fraudulent cryptocurrency giveaway announcement on its main page. Site operator Cobra suggested that the issue could be related to Cloudflare’s services.