Crypto lender Celsius Network lost funds in a recent cyber hack, the latest decentralized finance (DeFi) attack that comes amid a broad retrenchment in cryptocurrencies.
On Wednesday night, BadgerDAO, a decentralized autonomous organization (DAO) which builds DeFi products using Bitcoin as collateral, announced over its Discord it would halt the functioning of its products after reports of “unauthorized withdrawals of user funds.”
During an “ask me anything” (AMA) session on Friday, Celsius Network CEO Alex Mashinsky acknowledged the heist, but would not confirm the amount of crypto stolen. Yet via Etherscan data, up to 594 BTC of the stolen funds has been linked to a Celsius Network-related wallet.
As of Friday’s close, that translated into at least $32 million worth of Bitcoin (BTC-USD) — and is likely to be even higher based on known Celsius Network wallet information, BadgerDAO community members, and a deepening selloff in digital coins that drove Bitcoin below $50,000 on Saturday.
“It wasn’t a Celsius hack. It was a Badger hack. But some of the Celsius funds were there, so Celsius lost money. But none of the Celsius [customers] lost money,” Mashinsky insisted in a live Youtube AMA. “We’re working with Badger to recover those funds,” he added.
BadgerDAO has alerted law enforcement in both the U.S. and Canada, in addition to seeking help from the blockchain forensics company, Chainalysis. The group has determined between $115 to $120 million in wrapped-Bitcoin (WBTC), a tokenized representation of Bitcoin on the Ethereum (ETH-USD) blockchain, was stolen. The stolen funds have been traced to pseudonymous addresses on the Ethereum blockchain.
Although the investigation is ongoing, attackers appear to have slipped malicious code into application programming interface (API), according to BadgerDAO administrators and members.
“It was an exploit to their API. And the attackers used badger’s bridge product to convert the stolen funds to Bitcoin,” a Chainalysis spokesperson told Yahoo Finance.
Meanwhile, based on the type of theft, DeFi insurance provider Nexus Mutual said this week that the attack “would not be a covered event” — suggesting BadgerDAO may not be made whole financially. Currently, BadgerDAO members report there are still 249 accounts “granting approval to the known hacker address,” meaning more funds could still be stolen.
Celsius Network’s out-of-pocket expense for the stolen funds come just after the lending firm recently announced an additional $350 million in their latest series raise at a $3.25 billion valuation according to Coindesk. At the time, the company stressed the additional funds would boost its credibility with regulators.
David Hollerith covers cryptocurrency for Yahoo Finance. Follow him @dshollers.