The attacker found a way to register an API key in a Cloudflare account for the target account they wanted access to; if the owner of the email address verifies the address, the keys get global access. They used that Cloudflare access to create a Worker that injects Web3 token approvals, so they could send from victims' accounts as the victims visited the site.
They applied and removed the script periodically over the month of November, often for very short periods of time. The attacker also only targeted wallets over a certain balance, and explicitly avoided targeting listed signers of the Dev Multisig. Finally, the attacker accessed the API from multiple proxy and VPN IP addresses and changed the script on each deployment so they each had a unique hash, rendering static indicators of limited value.
The hacker ultimately stole $130 million in funds, but approximately $9 million of that was recoverable since those funds were transferred by the hacker but not yet withdrawn from Badger’s vaults.
Token Approval Checker: https://etherscan.io/tokenapprovalchecker
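A wallet-side check for injected approval requests of the kind described above, as an added example that is not part of the original write-up. It assumes the approvals arrive as standard ERC-20 `approve` or `increaseAllowance` calls (the page does not say which calls were used), and the allowlist address and sample calldata are constructed:

```javascript
// Added example: decode ERC-20 approval calldata and flag risky requests before signing.
// Standard ERC-20 / OpenZeppelin function selectors (first 4 bytes of the calldata).
const SELECTORS = new Map([
  ["095ea7b3", "approve(address,uint256)"],
  ["39509351", "increaseAllowance(address,uint256)"],
]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns null when the calldata is not a well-formed approval call.
function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const method = SELECTORS.get(hex.slice(0, 8));
  // selector (4 bytes) + two 32-byte ABI words = 136 hex characters
  if (!method || hex.length !== 136 || !/^[0-9a-f]+$/.test(hex)) return null;
  const spenderWord = hex.slice(8, 72);
  // an ABI-encoded address is left-padded with 12 zero bytes
  if (!/^0{24}/.test(spenderWord)) return null;
  return {
    method,
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Judge a pending transaction against an allowlist of spender contracts.
// An allowlist still works when the injected script changes on every deployment.
function reviewTransaction(tx, allowedSpenders) {
  const approval = decodeApproval(tx.data || "");
  if (!approval) return { verdict: "not-an-approval", reasons: [] };
  const allowed = allowedSpenders.map((a) => a.toLowerCase());
  const reasons = [];
  if (!allowed.includes(approval.spender)) reasons.push("spender not on allowlist");
  if (approval.amount === MAX_UINT256) reasons.push("unlimited allowance");
  return { verdict: reasons.length ? "block" : "allow", reasons, approval };
}

// Constructed sample data (not taken from the incident).
const VAULT = "0x" + "11".repeat(20);   // hypothetical known-good spender
const UNKNOWN = "0x" + "ab".repeat(20); // hypothetical unrecognised spender
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_INJECTED = { data: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64) };
const SAMPLE_EXPECTED = { data: "0x095ea7b3" + word(VAULT) + word((1000n).toString(16)) };

console.log(reviewTransaction(SAMPLE_INJECTED, [VAULT]));
console.log(reviewTransaction(SAMPLE_EXPECTED, [VAULT]));
```

The same decoding can be applied to past transactions when reviewing which allowances an address has already granted.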
Vulcan Forged is a crypto gaming ecosystem, which creates wallets on behalf of its users. 96 private keys were stolen. Vulcan Forged uses wallet management service Venly. "Venly Servers or Solutions have not been compromised. The Venly team is actively helping the Vulcan Forged team with data analytics to help them understand and recover from this unfortunate event. Official communication will follow soon."
AscendEX is a centralized exchange created by a “group of Wall Street quantitative trading veterans”.
Funds were drained from the hot wallet across three chains, beginning just before 8 PM UTC on December 11th.
AscendEX is still investigating what led to the wallet being compromised.
Peckshield puts the losses at $60M on Ethereum, $9.2M on BSC and $8.5M on Polygon.
Affected AscendEX users will apparently be reimbursed.