Chainalysis Helps Track $120 Million Stolen From BadgerDAO

  • Blockchain analysis firm Chainalysis has been hired by BadgerDAO to help respond to the hack on its platform
  • BadgerDAO users lost some $120 million worth of cryptocurrency due to a website infiltration
  • Chainalysis will try to track the movement of the stolen coins

Blockchain tracing firm Chainalysis has been brought in to track the funds stolen this week in the $120 million BadgerDAO hack. The funds were stolen on Wednesday, with the attack seemingly emanating from malicious code added to the BadgerDAO website, but a full post-mortem has not yet been forthcoming from the BadgerDAO team.

BadgerDAO Hack Drained User Funds

BadgerDAO tweeted on Wednesday that it had “received reports of unauthorized withdrawals of user funds”, which turned out to be an understatement: security firm PeckShield reported in the early hours of yesterday that the stolen funds amounted to some $120 million across a number of assets including BTC and ETH.

Unlike other hacks on DeFi protocols, which have seen company reserves stolen, the money taken in the BadgerDAO hack was made up of user funds, which is orders of magnitude more damaging. Indeed, one tweet that soon made the rounds of crypto Twitter alluded to how damaging it might just be:

Chainalysis Hoping to Track Stolen Funds

PeckShield had more positive news for BadgerDAO users when it tweeted the morning after the hack that it “looks like good progress has been made”, without expanding on what that good news might be. BadgerDAO offered an update last night which brought no further information but did reveal that Chainalysis is helping to track down the “passage and ultimate destination of the funds”:

While a formal account of how the hack was carried out is yet to be published, BadgerDAO team members have revealed to individual users that they believe the issue came from someone inserting a malicious script in the UI of their website. When a user interacted with the site while the script was active, it would intercept their Web3 transactions and insert a request to transfer the victim’s tokens to the hacker’s address. The code appeared as early as November 10th, with the attackers apparently running it at seemingly random intervals to avoid detection.
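One way a wallet or front end could check for the behaviour described above, as an added example that is not from BadgerDAO, Chainalysis or the original article: it decodes an outgoing transaction request and flags ERC-20 `transfer`, `approve` or `transferFrom` calls that name an address outside an allowlist. It generalizes beyond the transfer request the article mentions; the allowlist, the addresses and the sample requests are constructed for illustration.

```javascript
// ERC-20 selectors: first 4 bytes of keccak256 of the function signature.
// partyIndex is the ABI argument that holds the recipient or spender.
const SELECTORS = {
  "0xa9059cbb": { name: "transfer", partyIndex: 0 },     // transfer(address,uint256)
  "0x095ea7b3": { name: "approve", partyIndex: 0 },      // approve(address,uint256)
  "0x23b872dd": { name: "transferFrom", partyIndex: 1 }, // transferFrom(address,address,uint256)
};

// Constructed placeholder addresses, not taken from the incident.
const KNOWN = "0x1111111111111111111111111111111111111111";
const UNKNOWN = "0x2222222222222222222222222222222222222222";
const KNOWN_GOOD = new Set([KNOWN]); // hypothetical allowlist the user trusts

// Return the i-th 32-byte ABI word of the calldata as hex, or null if truncated.
function word(data, i) {
  const start = 10 + i * 64; // skip "0x" and the 8 hex chars of the selector
  const w = data.slice(start, start + 64);
  return w.length === 64 ? w : null;
}

// Inspect an eth_sendTransaction-style request before the user signs it.
function inspectTx(tx, allowlist = KNOWN_GOOD) {
  const data = (tx.data || "0x").toLowerCase();
  if (!/^0x[0-9a-f]*$/.test(data)) return { verdict: "block", reason: "malformed calldata" };
  const sel = SELECTORS[data.slice(0, 10)];
  if (!sel) return { verdict: "allow", reason: "not an ERC-20 token movement" };
  const w = word(data, sel.partyIndex);
  // An address sits in the low 20 bytes of the word; the upper 12 must be zero.
  if (!w || !/^0{24}/.test(w)) return { verdict: "block", reason: "truncated or malformed address" };
  const party = "0x" + w.slice(24);
  if (allowlist.has(party)) return { verdict: "allow", call: sel.name, party };
  return { verdict: "warn", call: sel.name, party,
           reason: `${sel.name} names an address that is not on the allowlist` };
}

// Constructed sample requests: one the user expects, one an injected script might add.
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const SAMPLES = {
  expected: { data: "0xa9059cbb" + pad(KNOWN) + pad("0x64") },
  injected: { data: "0x095ea7b3" + pad(UNKNOWN) + pad("f".repeat(64)) },
};
for (const [label, tx] of Object.entries(SAMPLES)) {
  console.log(label, inspectTx(tx));
}
```

A check like this only helps if it runs somewhere the injected script cannot modify, such as the wallet itself rather than the compromised page.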

Those affected by the BadgerDAO attack will be waiting with bated breath to see the official report of the hack, but are more likely waiting to find out whether their losses will be honored.