[BreachExchange] Crypto Company to Hackers: Give Back Our $119M

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Dec 7 09:53:52 EST 2021


https://www.pymnts.com/cryptocurrency/2021/crypto-company-to-hackers-give-back-our-119m/

The blockchain company BadgerDAO has a message for whoever stole $119
million in cryptocurrency from its platform: Please give it back.

As Vice reported on Monday (Dec. 6), a hacker – or group of hackers – took
around 2,100 in bitcoin (worth $118.5 million) and 151 in Ethereum
($679,000) last week.

“You have taken funds that do not belong to you, but we are willing to work
with you and compensate you for identifying this vulnerability in the
systems,” BadgerDAO said in a public announcement. “We are providing you
with a direct line of communication to discuss a peaceful resolution
without involving any outside parties. Contact us to discuss further and do
the right thing on behalf of the community.”

According to the Vice story, the hacker/hackers carried out the theft by
stealing an API key that let them control BadgerDAO’s Cloudflare account.
That enabled them to insert a malicious script onto the site, which
prompted customers to turn over wallet permissions.

This is at least the second time this year a crypto platform has asked
hackers to return what they stole. And in the case of the hack on Poly
Network in August – a much larger theft than the attack on BadgerDAO – the
request worked.

As PYMNTS reported at the time, the so-called “white-hat” hacker exploited
a vulnerability in the crypto Poly Network’s system to steal $610 million
in digital currency. The company responded by putting up $500,000 to
encourage the hackers to return the funds. The hackers eventually returned
the stolen funds, transferring them to addresses on Ethereum, Binance Smart
Chain and Polygon. Poly Network said it did not intend to pursue criminal
charges for the theft.

News of this hack comes just days after a report that hackers stole $196
million in cryptocurrency from BitMart: $100 million on the Ethereum
blockchain and $96 million from the Binance Smart Chain.

BitMart initially denied the hack, calling it “fake news” and saying the
outflows were standard withdrawals, before confirming the breach hours
later.