It’s holiday season, but not for the hackers 😬
This week two exploits have shaken already feverish crypto markets.
🦹 On Thursday BadgerDAO, an Ethereum-based DeFi protocol that allows to stake Bitcoin and earn yields, announced having discovered an “unauthorized withdrawal of user funds”.
The platform fell victim to a front-end attack, which led some BadgerDAO users to approve a malicious contract that resulted in the loss of approximately $120M. The DAO has since paused its smart contracts, while trying to investigate the hack and figure out a remedial action.
A crypto lending company Celsius, which kept a part of its funds at BadgerDAO, has become a collateral victim, losing $51M.
🦹 Second hack of the week targeted a crypto exchange Bitmart, based in the Cayman Islands. The company announced today a large-scale security breach related to its ETH and BSC hot wallets, wich led to $150M ($200M according to Peckshield) worth of crypto stolen.
Centralized exchanges now keep most of their funds in a cold wallet, and usually have their hot wallet funds insured to be able to reimburse the users in case of a hack. Bitmart has not yet shared its compensation plan, but we hope that all victims could be reimbursed.
In the meantime, it is always good to remember to keep most of your (non-working) crypto funds in a hard wallet, and diversify your DeFi placements.