According to an article in The Verge, members of the BadgerDAO team have informed users that they think the problem stems from someone injecting a malicious script into their website’s user interface.
When visitors connected to the site while the malicious script was running, it intercepted Web3 transactions and inserted a request to transfer the victim's tokens to an address specified by the attacker. The good news is that, since the platform is open, anyone can observe what occurred once the attackers started their script.
According to PeckShield, one transaction deposited 896 Bitcoins worth over $50 million into the attacker's account. The malicious script first appeared on the BadgerDAO website on November 10, and the attackers executed it at irregular intervals to escape detection. Nevertheless, as soon as BadgerDAO detected the flaw, it froze all smart contracts, effectively stopping the platform, and instructed users to deny any transactions to the attacker's address.
“Badger has engaged data forensics specialists Chainalysis to investigate the full scope of the issue; authorities in the United States and Canada have been notified; and Badger is working in conjunction with external investigations while also conducting its own,” the business stated in a tweet.
While the attack did not expose any particular flaw in the blockchain itself, the attackers were able to take advantage of the Web 2.0 technologies used to carry out transactions.