The phishing attack was rigged BadgerDao. As a result, the Defi solution that runs on the top of the Ethereum blockchain has lost more than $130M.

Here is a 1 min summary of the article if you want to skip the reading.

Type of Phishing Attack

Cloudflare Workers had a weak point where it allowed users to create accounts and view global API keys before email verification was completed. Unfortunately, this creates a loophole that allows attackers to gain API access for specific users.

On-Chain Malicious Approval

The attacker used their API access to inject malicious code through Cloudflare Workers, intercepted web3 transactions, and allowed a foreign address approval to operate on ERC-20 tokens in their wallet.

Undetected Mechanics

Attackers had several anti-detection techniques, applied and removed their scrip periodically, and used multiply proxy and VPN IP addresses to hide their true identities.

What Has Really Happened

In plaint English, attackers could create a fake account but without needing to verify their email addresses. And they were able to access users’ data from the database. They can even create their own applications to intercept users’ transactions and create a fake address to execute code and send their funds into the address without letting the administrator to aware of any suspicious activities.

Layer 2 Is Unsecured

The problem of any Defi projects is they launch as quickly without ever letting security audit. When the platform connects to the internet, there are possibilities of attacking from everywhere, 24/7. There is a need for the security protocol of each transaction to execute within the blockchain than moving actual funds on layer 2.

In Conclusion

Many hacking incidents caused multiple million dollars to lose. So when can people learn a lesson without losing their clients’ money?

The phishing attack was rigged BadgerDao. As a result, the Defi solution that runs on the top of the Ethereum blockchain has lost more than $130M.

Here is a 1 min summary of the article if you want to skip the reading.

Type of Phishing Attack

Cloudflare Workers had a weak point where it allowed users to create accounts and view global API keys before email verification was completed. Unfortunately, this creates a loophole that allows attackers to gain API access for specific users.

On-Chain Malicious Approval

The attacker used their API access to inject malicious code through Cloudflare Workers, intercepted web3 transactions, and allowed a foreign address approval to operate on ERC-20 tokens in their wallet.

Undetected Mechanics

Attackers had several anti-detection techniques, applied and removed their scrip periodically, and used multiply proxy and VPN IP addresses to hide their true identities.

What Has Really Happened

In plaint English, attackers could create a fake account but without needing to verify their email addresses. And they were able to access users’ data from the database. They can even create their own applications to intercept users’ transactions and create a fake address to execute code and send their funds into the address without letting the administrator to aware of any suspicious activities.

Layer 2 Is Unsecured

The problem of any Defi projects is they launch as quickly without ever letting security audit. When the platform connects to the internet, there are possibilities of attacking from everywhere, 24/7. There is a need for the security protocol of each transaction to execute within the blockchain than moving actual funds on layer 2.

In Conclusion

Many hacking incidents caused multiple million dollars to lose. So when can people learn a lesson without losing their clients’ money?