An inexplicable error cost Celsius Network $22 million in restitution from the BadgerDAO hack
Leave it to the professionals: An error that shouldn't be possible if Celsius really uses Fireblocks...
On December 2nd of 2021, the decentralized autonomous organization (DAO) BadgerDAO was exploited by a phishing attack. Some 2100 BTC and 151 Ether were stolen in the attack. The largest single victim of this attack was the centralized crypto lending platform Celsius Network, which lost 896 BTC.
To compensate victims for their losses, the DAO implemented a restitution plan. First, Badger disbursed Bitcoin from their multisig out to the victims; Celsius received approximately 90 Bitcoin from this payout. Next, Badger created the “remBadger” token. Holders of the token were guaranteed a payout in Badger tokens over the next two years that would cover the remainder of the loss (assuming Badger price remained around $60). There was only one requirement: The remBadger must remain within the Badger vault. If the remBadger was withdrawn, all future restitution payments would be forfeit. Badger even included a helpful warning screen that would pop up in case someone attempted to withdraw their remBadger:
Inexplicably, on March 18, 2022, Celsius Network withdrew all 901 of its allotted remBadger, worth approximately $2.1 million at the time of the transaction. Realizing their mistake, the company attempted to convince the Badger team to allow them to re-deposit in violation of the rules set forward by the BIP-80 resolution. The team informed them they would need to complete a proposal and have the community vote, per the DAO rules. A person claiming to be a representative of “the affected company” in the Badger Discord group stated that Celsius did not know about these rules. He also stated that this error was “a human error involving one member of the team.” (We will come back to this in a bit).
Celsius put forward proposal BIP-91, which would change the rules to allow them to re-deposit the remBadger:
Unfortunately for Celsius Network, the BadgerDAO took the “code is law” ethos of DeFi seriously, and the proposal was voted down 89% to 11%. This means that Celsius Network walked away from BadgerDAO with 89 Bitcoin and approximately $2.1 million in Badger tokens. Using the valuation of Bitcoin today (approximately $30,000), this means Celsius ended up realizing a loss of approximately $22 million.
This loss is concerning for a few reasons:
On Twitter and in AMAs, Celsius Network CEO Alex Mashinsky has claimed that Celsius would be fully reimbursed for this loss. Had they continued to hold remBadger per the rules of the DAO, this may have been possible. However, Celsius now must recognize the loss of about 80% of their original position.
“Close to full recovery” is now recovery of <20% Celsius often brags about its professionalism. Mr. Mashinsky often argues that self-custody of ones’ assets is more risky than entrusting those assets to companies like Celsius. But how professional is it to lose $22 million in one unforced error?
You hacked yourself, dawg Celsius claims to use Fireblocks. This should make it impossible for a single employee to access and move funds from Celsius wallets and positions. Yet, according to a Celsius representative, this error was the fault of “one member of the team.” Either this was a lie, or Fireblocks was not implemented in this circumstance…
But perhaps we should just leave these issues to the professionals.
Cheers, you done any work on Ledn? What are your thoughts?
Excellent work.