
Badger DAO
Hacked · DeFi · $BADGER · born 2020 · ✝ 2021
The smart contracts were fine — the website was the exploit.
Badger DAO was a Bitcoin-on-DeFi protocol. In December 2021 attackers injected malicious code into its Cloudflare-hosted front end, tricking users into approving token transfers that drained ~$120M.
- Peak: ~$120M stolen
- Cause: Hacked
- Year of death: 2021
☠️ Cause of death
A compromised Cloudflare API key let attackers serve a poisoned front end that inserted approval transactions. The on-chain contracts were never breached — users signed away their own tokens.
📓 Lessons left behind
- Your front end is part of your attack surface.
- A secure contract with a hijacked UI is still a drained protocol.
- Monitor and lock down web infrastructure like you do smart contracts.
🌱 The idea that survived
Front-end integrity & wallet warnings
Wallets added approval simulation and warnings, and protocols hardened web infra, after Badger proved the UI is exploitable.
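
A sketch of the kind of approval warning described above, as an added example that is not code from this page, from Badger, or from any wallet. It assumes the approvals are standard ERC-20 `approve` / `increaseAllowance` calls and that the wallet holds a hypothetical allowlist of spenders the protocol really uses; all addresses are constructed placeholders.

```javascript
// Added example, not code from any wallet or from Badger.
// Addresses are constructed placeholders; the allowlist is a hypothetical input.
const ALLOWANCE_SELECTORS = {
  '095ea7b3': 'approve',           // approve(address,uint256)
  '39509351': 'increaseAllowance', // increaseAllowance(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns null for non-allowance calls, otherwise a decoded report with a warn flag.
function inspectApproval(tx, trustedSpenders) {
  const hex = String(tx.data || '').replace(/^0x/i, '').toLowerCase();
  const method = ALLOWANCE_SELECTORS[hex.slice(0, 8)];
  if (!method) return null;
  const args = hex.slice(8);
  // Need two 32-byte ABI words (spender, amount); anything else is suspicious.
  if (args.length < 128 || !/^[0-9a-f]+$/.test(args)) {
    return { method, token: tx.to, warn: true, reason: 'malformed calldata' };
  }
  const spender = '0x' + args.slice(24, 64);         // low 20 bytes of word 0
  const amount = BigInt('0x' + args.slice(64, 128)); // word 1
  const trusted = trustedSpenders.some(a => a.toLowerCase() === spender);
  const unlimited = amount >= MAX_UINT256 / 2n;
  const reason = trusted ? null
    : unlimited ? 'unlimited allowance to unknown spender'
    : 'allowance to unknown spender';
  return { method, token: tx.to, spender, amount, unlimited, trusted, warn: !trusted, reason };
}

// Helper that builds constructed sample calldata for the demo below.
function encodeCall(selector, spender, amount) {
  return '0x' + selector + spender.slice(2).padStart(64, '0') +
    amount.toString(16).padStart(64, '0');
}

const TOKEN = '0x' + 'aa'.repeat(20);   // constructed token address
const VAULT = '0x' + '11'.repeat(20);   // constructed: a spender the protocol really uses
const UNKNOWN = '0x' + 'ee'.repeat(20); // constructed: spender inserted by a poisoned UI

const injected = { to: TOKEN, data: encodeCall('39509351', UNKNOWN, MAX_UINT256) };
const genuine = { to: TOKEN, data: encodeCall('095ea7b3', VAULT, 1000n) };
console.log(inspectApproval(injected, [VAULT]).reason);
console.log(inspectApproval(genuine, [VAULT]).warn);
```

The check runs on the transaction the wallet is about to sign, so it does not depend on the integrity of the page that requested it.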
#defi #front-end #approval #supply-chain