The Badger DAO attack last November and December—during which an attacker stole about $121 million from users—is a good example of “ice phishing” on the blockchain. If that term conjures up images of folks clad in plaid and puffy coats huddled around a hole atop a frozen Minnesota lake, well, that image wouldn’t be too far off-base.
“Web3 reflects an architectural shift decentralizing management of platforms,” said Archie Agarwal, founder and CEO at ThreatModeler. “As platforms decentralize, the organizations that manage them will have to find ways to federate replacement controls for those they had centrally deployed. Whereas a legacy cash app may have incorporated contract verification, fraud detection or customer remedy, the mitigation described for the Badger UI exploitation is for users to conduct manual verification of proposed contracts on their own using a third-party app.”