Stablecoin Protocol Beanstalk Loses $182M in Flash Loan Attack

Monday, 18/04/2022 | 07:48 GMT by Arnab Shome
  • Hackers used flash loans to exploit the protocol.
  • $80 million from the siphoned proceeds were already sent to crypto mixers.
cybersecurity

Ethereum-based stablecoin protocol, Beanstalk Farms has fallen to be victim to a cyberattack as hackers drained $182 million in cryptocurrencies from the platform on Sunday.

As confirmed by the protocol developers, the perpetrators exploited the platform by taking a $1 billion flash loan on the lending platform Aave denominated in three stablecoins, DAI, USD Coin and Tether. This enabled them to hoard a significant amount of Beanstalk’s native governance token, Stalk.

The hackers thus gained a majority voting power in the decentralized finance (DeFi) platform and executed malicious governance proposals, thus draining the liquidity.

“Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk,” the project leads of the exploited platform explained.

According to the blockchain analytics firm, PeckShield, the hackers already got away with $80 million in the exploited funds and transferred them to the crypto mixer, Tornado Cash.

Interestingly, the hackers donated $250,000 in stolen cryptocurrencies to Ukraine's relief wallet.

“It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing,” a spokesperson from Beanstalk said.

However, the exploited crypto project did not detail if it is going to compensate the victims of the attack. Meanwhile, the value of Beanstalk’s BEAN stablecoin collapsed after the attack, trading almost 80 percent below its pegged value of $1, as of press time, according to CoinGecko.

Vulnerable DeFis

DeFi platforms have been touted as the real challenger to the traditional finance industry. But, these platforms have numerous vulnerabilities, making them easy targets for hackers. Several DeFi platforms have been attacked in recent years, draining hundreds of millions of dollars from these platforms.

Last month, the cross-chain bridge, Ronin Network was exploited resulting in the theft of almost $600 million worth of cryptocurrencies. It was the backbone of one of the largest decentralized games, Axie Infinity.

Ethereum-based stablecoin protocol, Beanstalk Farms has fallen to be victim to a cyberattack as hackers drained $182 million in cryptocurrencies from the platform on Sunday.

As confirmed by the protocol developers, the perpetrators exploited the platform by taking a $1 billion flash loan on the lending platform Aave denominated in three stablecoins, DAI, USD Coin and Tether. This enabled them to hoard a significant amount of Beanstalk’s native governance token, Stalk.

The hackers thus gained a majority voting power in the decentralized finance (DeFi) platform and executed malicious governance proposals, thus draining the liquidity.

“Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk,” the project leads of the exploited platform explained.

According to the blockchain analytics firm, PeckShield, the hackers already got away with $80 million in the exploited funds and transferred them to the crypto mixer, Tornado Cash.

Interestingly, the hackers donated $250,000 in stolen cryptocurrencies to Ukraine's relief wallet.

“It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing,” a spokesperson from Beanstalk said.

However, the exploited crypto project did not detail if it is going to compensate the victims of the attack. Meanwhile, the value of Beanstalk’s BEAN stablecoin collapsed after the attack, trading almost 80 percent below its pegged value of $1, as of press time, according to CoinGecko.

Vulnerable DeFis

DeFi platforms have been touted as the real challenger to the traditional finance industry. But, these platforms have numerous vulnerabilities, making them easy targets for hackers. Several DeFi platforms have been attacked in recent years, draining hundreds of millions of dollars from these platforms.

Last month, the cross-chain bridge, Ronin Network was exploited resulting in the theft of almost $600 million worth of cryptocurrencies. It was the backbone of one of the largest decentralized games, Axie Infinity.

About the Author: Arnab Shome
Arnab Shome
  • 6654 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency