On Sunday, Beanstalk Farms, an Ethereum-based stablecoin protocol, had $182 million stolen.
The attack was announced on Twitter by blockchain security firm PeckShield. The firm said the attacker escaped with at least $80 million in cryptocurrency, although the platform's losses were much greater.
Following the attack, the market for Beanstalk's BEAN stablecoin collapsed. According to CoinGecko, the token has so far dropped 86 percent from its previous $1 price.
1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU), leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
— PeckShield Inc. (@peckshield) April 17, 2022
Beanstalk summarized the attack in a Discord post. According to the summary, the attacker took out a flash loan on the Aave lending platform and used it to accumulate a large amount of Stalk, Beanstalk's native governance token. With the voting rights these Stalk tokens carried, the attacker was able to quickly pass an administrative proposal that drained all the funds into a separate Ethereum wallet.
The project's leaders wrote in the summary: "Beanstalk did not use measures against flash loans to determine what percentage of Stalk was in favor of the BIP. This is an error that allows an attacker to exploit Beanstalk."
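The missing check described in Beanstalk's summary can be shown with a small model. The Python below is an added example, not Beanstalk's contract code: the `StalkLedger` class, the holder names, the balances and the two-thirds threshold are all constructed assumptions. It compares vote weight read from live balances with weight read from a checkpoint taken at the proposal's block, one common flash-loan-resistant measure.

```python
# Constructed model of token-weighted voting; not Beanstalk's contract code.
from bisect import bisect_right

class StalkLedger:
    """Balances plus per-holder checkpoints of (block, balance)."""
    def __init__(self):
        self.block = 0
        self.balances = {}
        self.checkpoints = {}

    def mine(self, n=1):
        self.block += n

    def credit(self, holder, amount):
        new = self.balances.get(holder, 0) + amount
        if new < 0:
            raise ValueError("insufficient balance")
        self.balances[holder] = new
        cps = self.checkpoints.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, new)   # same block: keep only the end state
        else:
            cps.append((self.block, new))

    def balance_at(self, holder, block):
        """Balance at the end of `block`; 0 before the first checkpoint."""
        cps = self.checkpoints.get(holder, [])
        i = bisect_right(cps, (block, float("inf")))
        return cps[i - 1][1] if i else 0

    def supply_at(self, block):
        return sum(self.balance_at(h, block) for h in self.checkpoints)

def passes(weight_for, supply, threshold=2 / 3):   # threshold is an assumption
    return supply > 0 and weight_for >= supply * threshold

def simulate():
    ledger = StalkLedger()
    ledger.credit("farmers", 1_000_000)      # long-term holders, block 0
    ledger.mine(100)
    snapshot = ledger.block                  # proposal created at block 100
    ledger.mine(10)
    ledger.credit("borrower", 4_000_000)     # loan-funded deposit, block 110
    # Weak check: weight and supply read from live balances at vote time.
    live = passes(ledger.balances["borrower"], sum(ledger.balances.values()))
    # Hardened check: both read from the checkpoint at the proposal's block.
    snap = passes(ledger.balance_at("borrower", snapshot), ledger.supply_at(snapshot))
    ledger.credit("borrower", -4_000_000)    # loan repaid in the same block
    return live, snap, ledger.balance_at("borrower", ledger.block)
```

In this model the snapshot has to come from a block before voting opens, because a checkpoint read inside the voting block would still see the borrowed balance.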
Beanstalk's smart contracts were audited by blockchain security firm Omniscia. However, the audit was completed before the flash loan vulnerability was introduced, the company said in its investigation on Sunday.
Beanstalk declined to disclose whether users would be compensated, saying it would make further announcements during a town hall event next Sunday.
According to PeckShield, the attacker donated $250,000 of the stolen funds to a relief wallet for Ukraine.
This is the latest attack on a decentralized finance (DeFi) platform in recent weeks. In March 2022, $625 million was stolen from Axie Infinity's Ronin blockchain platform in an attack in which U.S. officials identified links to North Korea.