TLDR: Ethereum relies on users “approving” contracts to spend their tokens by “blind signing” transactions. This, combined with a compromised website, allowed the hack to occur. On Radix, “approving” and “blind signing” do not exist - this kind of hack could not occur on Radix.
Badger DAO is a dApp on Ethereum and other EVM chains that allows users to earn yield on wrapped forms of BTC. Those tokens are used to provide liquidity for lending or trading elsewhere in Ethereum’s DeFi ecosystem, which is where the yield comes from.
To use their wrapped BTC, users have to first “approve” one of Badger’s smart contracts. In this example, a user grants a Badger Vault approval to spend their $wBTC. These tokens are then used as collateral to earn yield in Ethereum DeFi.
The “approval” is a transaction on Ethereum that must be signed. However, when signing, users are presented with only a hash of the transaction - appearing as a string of random letters and numbers. Users don’t actually know what it is they’re signing - they are “blind signing”.
In early Nov 2021, a hacker compromised the Badger website, injecting malicious code. The website now asked some users to give “infinite spend” approval to the hacker. Many users were tricked, as blind signing infinite spend approvals on Ethereum is commonplace.
The hacker waited for 22 days, collecting as many approvals as they could without raising any alarms. Then on Dec 2, the hacker sprang the trap. Leveraging the approvals, the hacker transferred the tokens owned by the tricked users to themselves.
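To make the approval described above concrete, here is an added Python example (not from the original post, Badger, or Radix) that decodes raw ERC-20 `approve(address,uint256)` call data and flags an unlimited allowance or an unexpected spender before signing. The addresses, amounts, and function names are constructed for illustration.

```python
# Added example: turn ERC-20 approve() calldata into something a user can read.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the usual "infinite spend" value

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, or None for any other call."""
    raw = calldata_hex[2:] if calldata_hex.lower().startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # an address is 20 bytes, left-padded with 12 zero bytes
        raise ValueError("malformed address argument")
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return spender, amount

def review_approval(calldata_hex, expected_spenders, intended_amount):
    """Describe an approval and list reasons a wallet should warn before signing."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return {"is_approve": False, "warnings": []}
    spender, amount = decoded
    warnings = []
    if spender not in {s.lower() for s in expected_spenders}:
        warnings.append("spender is not a known contract of this dApp")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif amount > intended_amount:
        warnings.append("allowance exceeds the amount being deposited")
    return {"is_approve": True, "spender": spender, "amount": amount, "warnings": warnings}

# Constructed sample data: these addresses are placeholders, not real contracts.
VAULT = "0x" + "22" * 20      # hypothetical vault the dApp is expected to use
UNKNOWN = "0x" + "11" * 20    # hypothetical address the site was never expected to name
DEPOSIT = 50_000_000          # 0.5 of a token with 8 decimals, in base units

def approve_calldata(spender, amount):
    """Build approve() calldata for the samples below."""
    return "0x095ea7b3" + "00" * 12 + spender[2:] + amount.to_bytes(32, "big").hex()

EXPECTED = review_approval(approve_calldata(VAULT, DEPOSIT), [VAULT], DEPOSIT)
SUSPICIOUS = review_approval(approve_calldata(UNKNOWN, MAX_UINT256), [VAULT], DEPOSIT)

if __name__ == "__main__":
    for name, result in (("expected", EXPECTED), ("suspicious", SUSPICIOUS)):
        print(name, result["spender"], result["warnings"] or "no warnings")
```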
So why couldn’t this hack happen on Radix’s upcoming Babylon mainnet with smart contract capability?
The answer is that tokens are a native feature of Radix, and Radix has an in-built “DeFi Engine” that handles all the core validations. We call it Radix Engine.
First, your account is its own smart contract “component”, which holds tokens inside “vaults”. If you want to transfer a token somewhere, you send it directly from your vault to someone else’s. No approvals needed.
Second, as tokens are a native first-class feature, transactions directly describe movements of tokens so a wallet can present human-readable actions to the user. No more blind signing of transactions.
Going back to the example, if a hacker managed to hijack the website of a dApp on Radix, there would be no “infinite approval”. The worst case scenario would be the user being asked to sign a single transaction swapping their wBTC for a fake $byvWBTC.
Because the transaction presented would be for a different token, the user would be able to easily see that something was amiss. Some users might be tricked if not paying attention, but it certainly wouldn’t be possible for the hack to lie unnoticed, collecting $120m over 22 days.
If you’d like to learn more about Radix Engine and how it makes DeFi and your tokens on Radix far more secure, visit https://go.radixdlt.com/rekt-retweet-2.
In case you missed it, here is Why the $48 million Cashio hack on Solana could NEVER happen on Radix.
By Ben Fargher - RDX Works