Episode 6 of Public Key, the Chainalysis podcast, is here! In this episode, we’ll be breaking down the BadgerDAO hack that occurred late last year, in which over $120 million worth of cryptocurrency was stolen. Please note that BadgerDAO is a Chainalysis customer.
You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 6.
Public Key Episode 6 preview: Cloudflare exploits, recycled crypto addresses and challenges in transitioning from web2 to web3
The BadgerDAO hack was one of the most unique in a string of DeFi hacks that have taken place in 2021 and 2022. Over $120 Million of user funds were siphoned out of the DAO due to compromised API keys and a malicious exploit in the Cloudflare infrastructure, an application platform that ran on Badger’s cloud network.
In this episode of Public Key, our host, Ian Andrews (CMO at Chainalysis) along with his colleague, Beth Bisbee (Head of US Investigations) dive deep into the nuances of the hack and identify how the exploit took place, how blockchain investigation tools like Reactor played a crucial part in the tracing of the stolen funds, and how hacks like this may be avoided in the future. This is an important episode for those that are transitioning into web3 with a reliance on web2 applications and technology.
Quote of the episode
And so we were able to look at some of the transactions that occurred before the hack to… build out a story from the blockchain, if you will, of how he was actually able to get those funds. And so we were able to do that with Chainalysis Software, Reactor in order to build out that story and provide leads to the law enforcement entities involved.– Beth Bisbee (Head of US Investigations at Chainalysis)
Minute-by-minute episode breakdown
- (4:45) – Understanding the BadgerDAO organization and how they bring Bitcoin to the Decentralized Finance (DeFi) space
- (7:30 – How did the BadgerDAO hack occur and where did the exploit take place
- (9:33) – Why it was so difficult to users to notice the hack or unusual activity
- (11:00) – How the hacker was able to exploit API keys and gain access to developer email address
- (16:35) – How was the hack identified and how the community escalated the issue
- (18:18) – What leads can be identified pre the attack in order to better chances of catching the hackers
- (22:40) – Explaining the investigative process when a hack happens on the blockchain
- (26:30) – How to safely transition from web2 to web3 on DAOs and DeFi platforms
- (28:25) – The emergence of multifactor hardware based authentication
Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
- Registration: Chainalysis Links Conference (May 18-19, 2022)
- Blog: Defi Hacks Are on the Rise
- CoinDesk Article: BadgerDAO Reveals Details of How It Was Hacked for $120M
- Report: The Chainalysis 2022 Crypto Crime Report
Speakers on today’s episode
- Ian Andrews * Host * (Chief Marketing Officer, Chainalysis) https://www.linkedin.com/in/ianhandrews
- Beth Bisbee (Head of US Investigations, Chainalysis)
https://www.linkedin.com/in/beth-bisbee-49253932
Please note that BadgerDAO is a Chainalysis customer.
This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.