The Badger DAO attack last November and December—during which an attacker stole about $121 million from users—is a good example of “ice phishing” on the blockchain. If that term conjures up images of plaid and puffy coat-clad folks huddled around a hole atop a frozen Minnesota lake, well, that image wouldn’t be too far off-base.


“Web3 reflects an architectural shift decentralizing management of platforms,” said Archie Agarwal, founder and CEO at ThreatModeler. “As platforms decentralize, the organizations that manage them will have to find ways to federate replacement controls for those they had centrally deployed. Whereas a legacy cash app may have incorporated contract verification, fraud detection or customer remedy, the mitigation described for the Badger UI exploitation is for users to conduct manual verification of proposed contracts on their own using a third-party app.”
