Photo by Shubham Dhage on Unsplash

A phishing attack hit BadgerDAO. As a result, the DeFi protocol that runs on top of the Ethereum blockchain lost more than $130M.

Here is a one-minute summary of the article if you want to skip the full reading.

Type of Phishing Attack

Cloudflare Workers had a weak point: it allowed users to create accounts and view Global API keys before email verification was completed. This loophole allowed attackers to gain API access on behalf of specific users.

On-Chain Malicious Approval

The attacker used that API access to inject malicious code through Cloudflare Workers, intercept web3 transactions, and prompt users to approve a foreign address to operate on the ERC-20 tokens in their wallets.

Undetected Mechanics

The attackers used several anti-detection techniques: they applied and removed their script periodically, and they used multiple proxy and VPN IP addresses to hide their true identities.

What Has Really Happened

In plain English, the attackers could create a fake account without needing to verify their email address. With that account they were able to access users' data from the database. They could even deploy their own application to intercept users' transactions and insert a fake address, so that the executed code sent users' funds to that address without making the administrator aware of any suspicious activity.
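The malicious-approval pattern described above (an injected front-end script asking the user to approve an attacker-controlled spender) can be caught on the wallet or dapp side before the user signs. The following is an added example, not code from BadgerDAO or from the post-mortem: it decodes ERC-20 `approve(address,uint256)` calldata and flags any approval whose spender is not one of the dapp's own known contracts or whose amount is unlimited. All addresses are constructed placeholders.

```javascript
// Added example: a wallet-side check for the "malicious approval" pattern.
// It decodes ERC-20 approve(address,uint256) calldata and flags approvals
// whose spender is not one of the dapp's known contracts or whose amount is
// unlimited. Addresses below are constructed placeholders, not real ones.

const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode approve calldata; returns null if it is not a well-formed approve() call.
function decodeApproveCalldata(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  // The address argument is left-padded to 32 bytes; keep its last 20 bytes.
  const spender = "0x" + hex.slice(32, 72);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { spender, amount };
}

// Build approve calldata (used here only to construct the sample transactions).
function encodeApproveCalldata(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amt = amount.toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amt;
}

// Verdict for one pending transaction: "allow", "block", or "not-approve".
// knownSpenders is the allowlist of contract addresses the dapp legitimately asks users to approve.
function checkApproval(calldata, knownSpenders) {
  const decoded = decodeApproveCalldata(calldata);
  if (decoded === null) return { verdict: "not-approve", reasons: [] };
  const reasons = [];
  if (!knownSpenders.has(decoded.spender)) reasons.push("unknown-spender");
  if (decoded.amount === MAX_UINT256) reasons.push("unlimited-amount");
  return { verdict: reasons.length > 0 ? "block" : "allow", ...decoded, reasons };
}

// Constructed sample data: the protocol's legitimate contract and an attacker-controlled address.
const KNOWN_SPENDERS = new Set(["0x2222222222222222222222222222222222222222"]);
const LEGIT_TX = encodeApproveCalldata("0x2222222222222222222222222222222222222222", 1000n * 10n ** 18n);
const INJECTED_TX = encodeApproveCalldata("0x1111111111111111111111111111111111111111", MAX_UINT256);

console.log(checkApproval(LEGIT_TX, KNOWN_SPENDERS).verdict);    // allow
console.log(checkApproval(INJECTED_TX, KNOWN_SPENDERS).reasons); // [ 'unknown-spender', 'unlimited-amount' ]
```

In a real wallet or dapp the same check would run on every transaction request before it is shown to the user for signing; the allowlist would be pinned in the client rather than loaded from the same web origin the attacker controlled.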

Layer 2 Is Unsecured

The problem with many DeFi projects is that they launch as quickly as possible without ever going through a security audit. Once the platform is connected to the internet, attacks can come from anywhere, 24/7. The security checks for each transaction need to execute within the blockchain itself rather than relying on moving actual funds through layer 2.

In Conclusion

Many hacking incidents have caused losses of many millions of dollars. So when will people learn the lesson without first losing their clients' money?


This article is partnered with Cryptologist.


Disclosure: The article was written by a delusional author who is possibly a nut job without any questions whatsoever about expertise in the subject matters. You should not believe any words this author wrote or you may experience similar symptoms or even possibly become a nut job.

Resources

https://badger.com/technical-post-mortem