How to Protect Yourself From The Next BadgerDAO Attack

Amitai Ruskin and Michael Belenky, December 8, 2021

In 2021, the DeFi ecosystem grew by over 20x, attracting millions of investors hoping to get a piece of the action. The rise of DeFi popularity also led to scams and hacks that in 2021 alone resulted in $1.6B+ of stolen funds. During the past few weeks, there was a spike in hacked DeFi projects, including bZx, SnowDog, Monox, and most recently BadgerDAO.

At Redefine, we believe in the DeFi vision and are continuously improving DeFi users’ security. The recent barrage of attacks is setting our industry back and giving it a bad reputation. We must improve the industry security standards to prevent these attacks from happening.

This article sheds light on the BadgerDAO attack and demonstrates the need for a more comprehensive approach to DeFi security.

BadgerDAO

BadgerDAO is a Decentralized Autonomous Organization whose main objective is to bring Bitcoin to DeFi by offering products built around BTC like ibBTC, Sett Vaults, and Digg.

BadgerDAO, known for its emphasis on security and user safety, has been audited many times and was among the first in DeFi to use a guarded launch strategy. In addition, it partnered with Nexus Mutual to offer insurance with very low premiums, signaling its faith in the platform’s security.

The hacking of a reputable project such as BadgerDAO is always a concerning event because it undermines the integrity of the ecosystem and shakes the confidence of investors. Therefore it is important to investigate the attack and learn from it.

The Attack

On Wednesday, December 1, 2021, BadgerDAO suffered an attack that resulted in the theft of investor funds to the tune of 120 million USD. The attacker transferred funds from multiple users after tricking them into approving a malicious spender. According to PeckShield, which assisted in the postmortem investigation, the first of these approvals occurred as early as November 20 of this year.

About Approvals

It is essential to know how the approve function works to understand the mechanics of the attack. Because of the way ERC-20 (the most common Ethereum token standard) is designed, users can’t just send tokens to a DeFi platform; they must ‘Approve’ the platform to ‘spend’ the tokens on the user’s behalf.

This is done by signing and sending an approve transaction to the designated DeFi platform giving the smart contract permission to act as a ‘spender’ and access a certain number of tokens from a user’s wallet.

This functionality makes it critical to carefully control which contracts are approved as spenders and what amount of tokens they are allowed to spend. The BadgerDAO hack made use of this approval functionality to get users to sign a malicious transaction; this is explained in more detail below.

Attack Breakdown

Unlike common attacks on DeFi protocols, this attack did not originate from a smart contract exploit, nor is it related in any way to the project's business logic. The attack on BadgerDAO was executed by exploiting vulnerabilities in the frontend of the dApp.

Frontends are not strictly necessary for interacting with DeFi protocols but are meant to improve the user experience. Most users choose to use the protocol’s web app and frontend rather than write their own code to interact with contracts. This makes the frontend and web app an inseparable part of the DeFi platform and adds to the potential attack surface. Typically, frontends are hosted and served in a traditional “centralized” manner, making them susceptible to traditional web application security risks.

This indeed was the case in the attack this month. According to the BadgerDAO Discord, the protocol’s frontend was exploited by the injection of malicious JavaScript into the web app. The attackers took advantage of a compromised Cloudflare API key and modified one or more routes to serve the malicious script. This script altered the behavior of the app: whenever users deposited or withdrew funds, the app would trick them into thinking that they were authorizing a legitimate transaction. In fact, they were approving a malicious spender address for an unlimited amount of tokens.

The attackers also used a less common ERC-20 allowance method to request approvals (calling increaseAllowance(), which most token implementations add on top of the core standard), presumably to better mask the true purpose of the malicious transaction.
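The approval mechanics described under "About Approvals" and the two red flags in the attack itself (an effectively unlimited allowance, and an increaseAllowance() call to a spender that is not one of the protocol's contracts) can be turned into a simple wallet-side check. The following is an added example and is not code from the original post or from BadgerDAO or Redefine. It decodes the calldata of a pending approval and scores it; the function selectors are the standard 4-byte keccak256 prefixes of the two signatures, the known-spender list and all addresses in the demo are constructed placeholders, and the "effectively unlimited" threshold of half of 2^256 is an assumption chosen for illustration.

```javascript
// Added example (not from the original post): a wallet-side check that decodes
// ERC-20 approval calldata and flags the pattern used in the BadgerDAO attack:
// an approve() or increaseAllowance() granting an unlimited allowance to a
// spender that is not one of the contracts the user expects to interact with.

// 4-byte selectors (first 4 bytes of keccak256 of the signature) for the two
// allowance-granting methods discussed in the article.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
};

const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata of the form selector(4 bytes) + address word + uint256 word.
// Returns null for anything that is not one of the two approval methods.
function decodeApprovalCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64) return null;
  const method = SELECTORS["0x" + hex.slice(0, 8)];
  if (!method) return null;
  // An address occupies the last 20 bytes of its 32-byte ABI word.
  const spender = "0x" + hex.slice(8 + 24, 8 + 64);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { method, spender, amount };
}

// Score a transaction. knownSpenders is a Set of lowercase addresses the user
// expects to grant allowances to (e.g. the protocol's vault contracts).
// unlimitedThreshold (assumed: half of 2^256) marks "effectively unlimited".
function assessApproval(tx, knownSpenders, unlimitedThreshold = MAX_UINT256 >> 1n) {
  const decoded = decodeApprovalCalldata(tx.data);
  if (!decoded) return { risk: "none", reasons: [] };
  const reasons = [];
  if (!knownSpenders.has(decoded.spender)) reasons.push("spender not in known-contract list");
  if (decoded.amount >= unlimitedThreshold) reasons.push("effectively unlimited allowance");
  if (decoded.method.startsWith("increaseAllowance")) reasons.push("uses increaseAllowance() rather than approve()");
  const risk = reasons.length >= 2 ? "high" : reasons.length === 1 ? "medium" : "none";
  return { risk, method: decoded.method, spender: decoded.spender, amount: decoded.amount, reasons };
}

// Helper used only to build sample calldata for the demo and tests.
function encodeApprovalCalldata(selector, spender, amount) {
  const addrWord = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amtWord = amount.toString(16).padStart(64, "0");
  return selector + addrWord + amtWord;
}

// Constructed demo: one placeholder "known vault" address and one unknown spender.
const KNOWN_VAULT = "0x" + "11".repeat(20);
const UNKNOWN_SPENDER = "0x" + "de".repeat(20);
const knownSpenders = new Set([KNOWN_VAULT]);

const legitimateDeposit = { data: encodeApprovalCalldata("0x095ea7b3", KNOWN_VAULT, 1000n) };
const suspiciousApproval = { data: encodeApprovalCalldata("0x39509351", UNKNOWN_SPENDER, MAX_UINT256) };

console.log(assessApproval(legitimateDeposit, knownSpenders));   // risk: "none"
console.log(assessApproval(suspiciousApproval, knownSpenders));  // risk: "high", three reasons
```

A wallet or browser extension running this check would have had no reason to trust the injected frontend's description of the transaction: the decoded calldata alone shows an unlimited increaseAllowance() to an address the user has never approved before, which is exactly the signal that was missing for the affected users.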

As the Badger team became aware of the attack, they managed to pause the contracts so that no further transfers could be made.

The attacker managed to get away with ~2.1K BTC and 151 ETH.

Conclusion

Currently, the options available for evaluating the safety and security of a DeFi platform before investing rely heavily on reviewing the smart contract’s source code and professional audits. The BadgerDAO attack demonstrated that these steps are not enough; instead, investors should widen their scope and take many different risk factors into account when evaluating risk. Even the most decentralized DeFi projects usually have centralized components that are vulnerable to classic exploits like phishing and social engineering.

Redefine’s holistic solution offers multiple layers of security, three of which would have identified the BadgerDAO attack in real time and could have protected investors from it. Interested in learning more? Contact us!

