Turning the Lights Back On
Dec 17, 2021
After a series of thorough checks of smart contracts and Web infrastructure, Badger is turning the lights back on today.
As always, the community is in the lead every step of the way. Per the BadgerDAO governance process, proposals start with general discussion in Discord, followed by a forum signaling vote, and finally a formal vote by BADGER token holders on Snapshot.
This article gives a high-level overview of the sequence of events for re-opening Badger and the plans for coming out of this stronger than ever.
Technical Post Mortem: In partnership with cybersecurity firm Mandiant, Badger prepared a technical document outlining its understanding of how the front-end attack happened.
Token Tracing, Recovery and Restoration:
Immediately Recoverable: Badger’s emergency management process during the attack led to ~$9.1m being denied to the attacker. Badger Improvement Proposals (BIPs) 76, 77, and 78 proposed an upgrade to Badger smart contracts to block the attacker’s access to these funds and safely return them to the addresses from which they were taken. Following the successful passing of all three, 40% of affected users have had 100% of their stolen funds returned to them.
Restoration of Governance Tokens: In order to restore governance rights to those affected by the attack, BIP 79 proposes the use of treasury BADGER to make users whole and allow them to vote on future proposals focused on further restitution.
Not Immediately Recoverable: Approximately $121m of tokens have not been recoverable from the hacker so far. Badger has attempted to initiate negotiations with the hacker. Meanwhile, security firm Chainalysis is working with Badger, law enforcement, and centralized exchanges to trace these tokens, and the investigation continues.
Unpausing Smart Contracts: When Badger became aware of the attack, smart contracts were paused to stop the exploit and protect users. BIP 77 authorized Badger to reactivate the smart contracts and resume normal operation of the Badger app. As of now, all Badger smart contracts have been reactivated and users are able to resume normal operations within the app.
Compensation Planning: BadgerDAO members are developing a number of proposals to compensate affected users. This discussion is ongoing in the #requests-for-feedback channel of Badger’s Discord server.
Security Review & Upgrades: Following the attack, Badger, together with blockchain and Web2 cybersecurity experts at Mandiant, conducted a full review of our security practices, looking at everything from the smart contract layer, to the app infrastructure, to how we communicate with and educate users.
A number of recommended measures were implemented immediately, with a full plan in place for ongoing monitoring and support. In addition, Badger is currently working with cybersecurity firm Halborn to conduct a thorough security audit of the new go-forward infrastructure.
Check out our latest article detailing the most recent Badger Security Upgrades.
Support & Education: In an effort to continue to improve preventive security measures, Badger is doubling down on support and education to ensure that users have the tools to report any suspicious activity and to verify the integrity of the contracts they interact with. More to come on these ongoing efforts.