BadgerDAO recently unraveled a phishing scam where bad actors took over the Discord invite link and redirected users to a fraudulent server. The intention was to steal their information and, thereby, their funds. All the users have been advised to note that discord.gg/badgerdao is the only official Discord invite link.
The DeFi ecosystem is growing at a good pace while benefiting users at a macro level. A downside that came to light was the intrusion by several bad actors intending to take over and steal information and funds from users.
Teams do take due care while sharing the official link; however, bad actors come with new ways to hijack the link and redirect users to a fraudulent server.
In the case of Badger, bad actors managed to create a Discord channel and mimic it perfectly as per the view of the official channel. Such spaces look real but intend to encourage users to share their personal information for bad actors to proceed and take away all their funds.
BadgerDAO has issued an advisory informing its current and potential users to take extreme care while interacting with such links and their owners. The destination where they land may only look real, but it may lack the true intention of connecting with everyone.
A whitehat raised a ticket mentioning an isolated discord phishing scam informing that the official link was also hijacked.
Fortunately, Badger has been able to recover the link indefinitely. The team has informed Discord about the same and updated the link on all its platforms. The original invite link – discord.gg/badgerdao – is now safe for the users to interact.
The entire incident was resolved in three simple steps.
All the malicious links were first canceled from the front end and on the social media platforms. Badger then enlisted whitehat investigators to conduct the investigation in the matter and share their reports with the team.
Finally, a group of users who were believed to have been subjected to the phishing scam were informed. While most of the links have been disabled, some legacy links could still appear on the internet. They have been disabled as well. Users are advised to take all the necessary precautions and avoid sharing their personal information, especially when in doubt.
No new links will be created. The function has been disabled, and users must report any suspicious activities to the team. Any piece of information could help resolve the issue for a long time.
Badger is a decentralized autonomous organization, DAO, that focuses on bringing Bitcoin to the space of decentralized finance. A total of 25,727 users have registered on the platform since its inception. The total value locked comes to $80,601,559 with 65 vaults/strategies.
Badger offers six products: Badger, Interest Bearing Bitcoin, Sett Vaults, Badger Boost, Digg, and bveCVX.
Even though all the current links have been disabled and an advisory has been issued, there is a chance that bad actors may strike back in a new form. Users must report such cases immediately to the team of BadgerDAO.