Finance
Share this article

BadgerDAO Reveals Details of How It Was Hacked for $120M

The DeFi platform said an application platform that runs on its cloud network was the vector for the attack.

By Nelson Wang
Updated May 11, 2023, 5:47 p.m. Published Dec 10, 2021, 11:25 p.m.
Japanese Exchange Liquid Global Hacked, $90M in Crypto Potentially Stolen
Japanese Exchange Liquid Global Hacked, $90M in Crypto Potentially Stolen

In a blog post this week, decentralized finance platform BadgerDAO provided details of how it was exploited for $120 million earlier this month.

  • BadgerDAO said a phishing incident that occurred on Dec. 2 was caused by “a maliciously injected snippet” from Cloudflare, an application platform that runs on Badger’s cloud network.
  • The hacker used a compromised API key that was created without the knowledge or authorization of Badger engineers to periodically inject the malicious code that affected a subset of its customers.
  • The hacker ultimately stole $130 million in funds, but approximately $9 million of that was recoverable since those funds were transferred by the hacker but not yet withdrawn from Badger’s vaults.
  • Badger has since patched the Cloudflare exploit, updated Cloudfare’s account password and deleted or freshened API keys where possible.
  • Badger hired cybersecurity firm Mandiant and blockchain analysis firm Chainalysis to investigate the exploit, and is working with both companies, as well as authorities in the U.S. and Canada, to recover any funds possible.
ExploitsDeFi

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Crypto Firm Tether Says It Wants to Take Over Italian Football Club Juventus

By Krisztian Sandor|Edited by Cheyenne Ligon
1 hour ago
Tether CEO Paolo Ardoino at White House

The issuer behind the most popular stablecoin said that if the bid succeeds, it prepares to invest $1 billion in the football club.

What to know:

  • Tether said it aims to take over popular Italian football club Juventus FC.
  • The firm proposed to acquire Exor's 65.4% stake in an all-cash offer, and intends to make a public offer for the rest of the shares.
  • Tether reported net profits exceeding $10 billion this year, while its flagship token USDT is the world's dominant stablecoin with a $186 billion market capitalization.
Read full story