It appears that crypto lending firm Celsius Network was also affected by this week’s BadgerDAO hack. The firm reportedly lost $55 million worth of wrapped bitcoin (wBTC).
Hacker Steals $120 Million worth of wBTC
CryptoPotato reported over the week how hackers managed to steal around $120 million from BadgerDAO – a decentralized autonomous organization that allows users to put bitcoin as collateral across DeFi applications.
The attacker compromised the DAO’s front end. The BadgerDAO team is currently investigating the exploit with the help of blockchain forensic experts from Chainalysis.
https://t.co/lZwmUpbgg0 front end/dns was hacked.
User is sneaking in approvals in between legit deposit and reward transactions. He has been stealing funds for approx 12 days so far. Exploit is still live.
short $BADGER to namek
🚨 insider rug alert 🚨 🧸🎯
— napgener 0xBearMarket (@napgener) December 2, 2021
Several users were complaining about receiving unusual requests for additional permissions in their accounts. The attacker managed to add a script to the frontend that tricked users to provide access to the hacker to drain the funds from their wallets.
Engineers from BridgerDAO have suspended all smart contracts to prevent further withdrawals while analysts from Chainalysis investigate the incident. At first, the amount stolen was estimated to be around $100 million, but new data from blockchain security firm PeckShield indicated that total losses amounted to over $120 million.
This hack comes shortly after MonoX, a DeFi finance protocol, was compromised for over 30 million on Nov. 30.
Celsius Network May Have Been The Biggest Victim
There’s one address that lost 896 wrapped bitcoin, or around $51 million, making it the biggest victim from the hack. On-chain data from Etherscan suggest the address – starting with 0x534 – could be linked to Celsius Network as it has already transacted with other wallets owned by the lending firm, one of them tagged as “Celsius Network Wallet 5.”
In a Twitter thread, a user by the name BigTimeCali shared several transactions made by the wallet, adding that Celsius deleted any comments related to the hack on its Reddit page.
How Celsius lost $50,000,000 today and why wannabe bankers are easy prey to the crypto-savvy. Should investors & users be weary?
TLDR: Celsius banked on BadgerDAO, which was just hacked for $120m and it was the biggest loser. 1/x*n
— BigTimeCali | EGLD $2k | BTC ^ (@BigTimeCali) December 2, 2021
The address holder seems to be a large whale that often makes seven figures transactions and closely operates with a wallet with over $67 million, $40 million of which are held in Celsius native token CEL. This is not conclusive; however, it strongly suggests that Celsius is behind the wallet, but the lending firm has refused to make any statements about the hack.