Summary
Badger DAO is a decentralized autonomous organization and DeFi protocol launched in December 2020 focused on generating yield on Bitcoin-backed assets via Ethereum-based vaults. In December 2021, a front-end attack exploiting a compromised Cloudflare API key resulted in approximately $120–130 million in user funds being drained across roughly 500 wallets. As of 2025, the protocol has seen significant decline: its flagship eBTC product was sunset, BADGER was delisted from Binance, and total value locked has fallen to low single-digit millions.
Connected Entities
1 entities- + 7 more
Timeline(17 events)
2020-09-01
Badger DAO founded by Chris Spadafora, Ameer Rosic, Albert Castellana, and Alberto Cevallos.
2020-12-01
Badger DAO publicly launches with BADGER token fair distribution and Sett Vaults product.
2021-08-01
Alleged: Three unauthorized accounts created and granted Cloudflare API keys without authorization, exploiting a flaw in Cloudflare's email verification process.
2021-09-15
Badger team unknowingly completes account creation for one of the pre-seeded compromised Cloudflare accounts.
2021-11-10
Attacker begins periodically injecting malicious JavaScript via Cloudflare Workers into BadgerDAO's web application routes.
2021-11-20
Attacker obtains the first successful unauthorized ERC-20 approval from a user wallet.
2021-12-01
Largest single victim — a wallet alleged to be associated with Celsius Network — approves attacker access to 896 Wrapped Bitcoin (~$50 million). Attacker begins mass withdrawal of funds across all accumulated approvals.
2021-12-02
BadgerDAO detects the exploit and freezes all smart contract transferFrom calls, halting further theft. PeckShield estimates losses of approximately 2,100 BTC and 151 ETH (~$120 million).
2021-12-03
Celsius Network publicly confirms it suffered losses in the BadgerDAO exploit.
2021-12-10
BadgerDAO publishes post-incident disclosure attributing the breach to a compromised Cloudflare API key and maliciously injected script.
2021-12-16
Governance proposals BIP-76, BIP-77, and BIP-78 introduced to authorize seizure of ~$9.2 million in recoverable attacker-held vault tokens and begin restitution.
2022-01-01
Protocol relaunches after third-party audits of web2 and web3 infrastructure are completed.
2022-07-01
Celsius Network files for bankruptcy. Subsequent reporting reveals Celsius forfeited ~$22 million in BadgerDAO restitution entitlements due to an administrative error in its claims process.
2025-04-16
Binance delists BADGER following a community vote-to-delist, citing low trading volume and development activity.
2025-06-11
BadgerDAO Treasury Council announces sunset of the eBTC protocol, citing failure to achieve product-market fit and insufficient TVL to sustain revenue.
2025-06-17
Crypto.com delists BADGER token.
2025-07-25
OKX announces delisting of BADGER/USDT perpetual contracts.
Decision Log
- hash: HDmkvyYASoNNsxJX9USHE4Fnnj4ZApRXUAqSKmp9Sar9
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-5
generated: 5/4/2026, 2:54:52 AM
last updated: 5/20/2026, 6:44:22 PM
avoid.net — verified advice for a post-truth world