Verify a decision

{"actor":"system:backfill","investigation_id":"5b1809fe-7e2c-473d-8f92-a6b7c0dce49b","kind":"publish","page_slug":"badger-dao","published_at":"2026-05-20T18:44:22.484Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Badger DAO","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://badgerdao.medium.com/introducing-badger-dao-ed47a586c619"},{"credibility":3,"name":"","type":"other","url":"https://www.kraken.com/learn/what-is-badger-dao"},{"credibility":3,"name":"","type":"other","url":"https://iq.wiki/wiki/badgerdao"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2021/12/10/badgerdao-reveals-details-of-how-it-was-hacked-for-120m"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-badgerdao-hack-december-2021"},{"credibility":3,"name":"","type":"other","url":"https://zengo.com/the-badgerdao-hack-what-really-happened-and-why-it-matters/"},{"credibility":3,"name":"","type":"other","url":"https://www.bloomberg.com/news/articles/2021-12-10/badgerdao-says-cloudflare-flaw-led-to-130-million-heist"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/126072/defi-protocol-badgerdao-exploited-for-120-million-in-front-end-attack"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/badgerdao-post-mortem-details-fourth-largest-defi-exploit/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/hackers-drain-115-million-from-bitcoin-defi-focused-badgerdao"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2021/12/03/crypto-lender-celsius-admits-losses-in-120m-badgerdao-hack"},{"credibility":3,"name":"","type":"other","url":"https://cryptopotato.com/celsius-network-reportedly-lost-50-million-in-the-120-million-badgerdao-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.chainalysis.com/blog/chainalysis-podcast-episode-6-badgerdao-hack/"},{"credibility":3,"name":"","type":"other","url":"https://forta.org/blog/how-to-derail-a-120-million-dollar-hack/"},{"credibility":3,"name":"","type":"other","url":"https://dailycoin.com/single-user-loses-50-million-bitcoin-in-badger-dao-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2021/12/16/after-130m-hack-badgers-restitution-plan-tests-limits-of-dao-governance"},{"credibility":3,"name":"","type":"other","url":"https://ambcrypto.com/badgerdao-reveals-cause-behind-exploit-details-recovery-plan/"},{"credibility":3,"name":"","type":"other","url":"https://forum.badger.finance/t/bip-77-reactivate-smart-contracts-and-recover-funds/5178"},{"credibility":3,"name":"","type":"other","url":"https://www.dirtybubblemedia.com/p/an-inexplicable-error-cost-celsius"},{"credibility":3,"name":"","type":"other","url":"https://www.hoptrail.io/post/badgerdao-exploit-illustrating-celsius-poor-controls"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/badger-dao"},{"credibility":3,"name":"","type":"other","url":"https://www.tradingview.com/news/coindar:c3b007e7c094b:0-badger-dao-to-be-delisted-from-binance-on-april-16th/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2025/04/09/binance-to-delist-14-tokens-after-community-vote/"},{"credibility":3,"name":"","type":"other","url":"https://coinmarketcap.com/cmc-ai/badger-dao/latest-updates/"},{"credibility":3,"name":"","type":"other","url":"https://redefine.net/media/badger-dao-attack/"},{"credibility":3,"name":"","type":"other","url":"https://www.microsoft.com/en-us/security/blog/2022/02/16/ice-phishing-on-the-blockchain/"}]}],"sources_used":[],"summary":"Badger DAO is a decentralized autonomous organization and DeFi protocol launched in December 2020 focused on generating yield on Bitcoin-backed assets via Ethereum-based vaults. In December 2021, a front-end attack exploiting a compromised Cloudflare API key resulted in approximately $120–130 million in user funds being drained across roughly 500 wallets. As of 2025, the protocol has seen significant decline: its flagship eBTC product was sunset, BADGER was delisted from Binance, and total value locked has fallen to low single-digit millions.","timeline":[{"date":"2020-09-01","event":"Badger DAO founded by Chris Spadafora, Ameer Rosic, Albert Castellana, and Alberto Cevallos.","source":""},{"date":"2020-12-01","event":"Badger DAO publicly launches with BADGER token fair distribution and Sett Vaults product.","source":""},{"date":"2021-08-01","event":"Alleged: Three unauthorized accounts created and granted Cloudflare API keys without authorization, exploiting a flaw in Cloudflare's email verification process.","source":""},{"date":"2021-09-15","event":"Badger team unknowingly completes account creation for one of the pre-seeded compromised Cloudflare accounts.","source":""},{"date":"2021-11-10","event":"Attacker begins periodically injecting malicious JavaScript via Cloudflare Workers into BadgerDAO's web application routes.","source":""},{"date":"2021-11-20","event":"Attacker obtains the first successful unauthorized ERC-20 approval from a user wallet.","source":""},{"date":"2021-12-01","event":"Largest single victim — a wallet alleged to be associated with Celsius Network — approves attacker access to 896 Wrapped Bitcoin (~$50 million). Attacker begins mass withdrawal of funds across all accumulated approvals.","source":""},{"date":"2021-12-02","event":"BadgerDAO detects the exploit and freezes all smart contract transferFrom calls, halting further theft. PeckShield estimates losses of approximately 2,100 BTC and 151 ETH (~$120 million).","source":""},{"date":"2021-12-03","event":"Celsius Network publicly confirms it suffered losses in the BadgerDAO exploit.","source":""},{"date":"2021-12-10","event":"BadgerDAO publishes post-incident disclosure attributing the breach to a compromised Cloudflare API key and maliciously injected script.","source":""},{"date":"2021-12-16","event":"Governance proposals BIP-76, BIP-77, and BIP-78 introduced to authorize seizure of ~$9.2 million in recoverable attacker-held vault tokens and begin restitution.","source":""},{"date":"2022-01-01","event":"Protocol relaunches after third-party audits of web2 and web3 infrastructure are completed.","source":""},{"date":"2022-07-01","event":"Celsius Network files for bankruptcy. Subsequent reporting reveals Celsius forfeited ~$22 million in BadgerDAO restitution entitlements due to an administrative error in its claims process.","source":""},{"date":"2025-04-16","event":"Binance delists BADGER following a community vote-to-delist, citing low trading volume and development activity.","source":""},{"date":"2025-06-11","event":"BadgerDAO Treasury Council announces sunset of the eBTC protocol, citing failure to achieve product-market fit and insufficient TVL to sustain revenue.","source":""},{"date":"2025-06-17","event":"Crypto.com delists BADGER token.","source":""},{"date":"2025-07-25","event":"OKX announces delisting of BADGER/USDT perpetual contracts.","source":""}]},"v":1}