Hacked Cryptocurrency Platform Begs Hacker To Return $119 Million
Piracy. Disinformation. Monitoring. CYBER is Motherboard’s podcast and feature story on the dark underbelly of the Internet.
Last week, an unknown hacker or hackers stole around 2,100 BTC ($118,500,000) and 151 ETH ($679,000) in cryptocurrency tokens from a blockchain company called BadgerDAO.
Now, the BadgerDAO blockchain “bridge” protocol is begging the hacker to return the stolen funds.
“You have taken funds that do not belong to you, but we are ready to work with you and compensate you for identifying this vulnerability in the systems,” BadgerDAO wrote in a public announcement. “We provide you with a direct line of communication to discuss a peaceful resolution without involving any outside parties. Contact us to discuss it further and do the right thing on behalf of the community.”
The BadgerDAO hack took advantage of an old-fashioned web attack: the hacker managed to steal an API key that allowed them to control BadgerDAO’s account on Cloudflare, the content delivery network the project uses for its site. This gave the hacker the ability to inject a malicious script into the site that tricked users into relinquishing wallet permissions, which in turn allowed the hacker to steal customers’ cryptocurrency.
Are you looking for vulnerabilities in cryptocurrencies and their networks? We would love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr / Telegram / Wire @lorenzofb, or by email at [email protected]
While asking a thief to return the proceeds of their heist may seem like a hopeless strategy, it has worked before.
Earlier this year, the popular Poly Network cryptocurrency platform was hacked and lost around $600 million. The company issued a public letter to the hacker, addressing them as “Dear hacker” and “Mr. White Hat” and appealing to their goodwill. Surprisingly, after several public exchanges posted on the blockchain, the strategy worked and the hacker finally returned all the stolen funds.
Those involved in BadgerDAO are, for now, cautious about whether it will work.
“[I am] not comfortable publicly sharing my personal opinion on this. We have professionals running the strategy and we don’t want to affect it,” a member of Team Badger’s core team, named Jonto, told Motherboard in an online chat. “The team is largely focused on reopening the protocol and compensation plans to submit to the community for discussion.”
It’s been a really bad week for cryptocurrency projects and exchanges. Over the weekend, hackers stole around $150 million from BitMart, an exchange billed as “the most trusted crypto trading platform.” The company has pledged to use its own reserve funds to compensate victims, and so far it has not asked the hacker to return the loot.