Beanstalk was hacked, and an attacker drained $182 million from the Beanstalk stablecoin protocol. Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited yesterday.
The attack was flagged on Twitter by blockchain security firm PeckShield, which said the attacker made off with at least $80 million in crypto, although the losses suffered by the protocol were much larger. As a result of the attack, the market for the BEAN token collapsed. According to CoinGecko, the token was down 86% from its $1 peg at the time of writing.
What happened in the Beanstalk hack?
A post on the company’s Discord server explains how the attack occurred. The attacker obtained a flash loan on Aave, which enabled them to acquire a large quantity of Stalk, Beanstalk’s native governance token. With the voting power granted by these Stalk tokens, the attacker swiftly passed a malicious governance proposal that emptied all protocol funds into a private Ethereum wallet.
“Beanstalk did not use a flash loan resistant measure to determine the percentage of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk,” writes the project lead.
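The flaw described above, as an added example that is not Beanstalk's code or its actual fix: a Python toy model comparing vote weight measured from live balances with weight read from a snapshot taken before the proposal existed (a common mitigation, assumed here). All names, balances and the two-thirds threshold are constructed.

```python
"""Toy model (constructed): live-balance vs. snapshot vote weighting."""

THRESHOLD = 2 / 3  # assumed supermajority needed to pass; constructed value


class StalkLedger:
    """Governance-token balances, checkpointed by block number."""

    def __init__(self):
        self.block = 0
        self.checkpoints = {}  # holder -> [(block, balance), ...] in block order

    def set_balance(self, holder, amount):
        self.checkpoints.setdefault(holder, []).append((self.block, amount))

    def balance_at(self, holder, block):
        balance = 0
        for written_at, amount in self.checkpoints.get(holder, []):
            if written_at <= block:
                balance = amount  # later checkpoints override earlier ones
        return balance

    def share(self, voters, block):
        """Fraction of all Stalk held by `voters`, as of `block`."""
        total = sum(self.balance_at(h, block) for h in self.checkpoints)
        in_favor = sum(self.balance_at(h, block) for h in voters)
        return in_favor / total if total else 0.0


def run_scenario():
    ledger = StalkLedger()
    ledger.set_balance("holder_a", 600)   # long-term holders (constructed)
    ledger.set_balance("holder_b", 400)
    ledger.block = 10
    snapshot_block = ledger.block - 1     # power is fixed before the proposal exists

    ledger.block = 20
    ledger.set_balance("borrower", 9000)  # Stalk acquired with borrowed funds
    live = ledger.share({"borrower"}, ledger.block)   # measured mid-transaction
    ledger.set_balance("borrower", 0)     # loan repaid in the same transaction
    snap = ledger.share({"borrower"}, snapshot_block)
    return {"live": live, "snapshot": snap,
            "live_passes": live >= THRESHOLD, "snapshot_passes": snap >= THRESHOLD}


if __name__ == "__main__":
    print(run_scenario())
```

With the live measure, Stalk held for only one transaction counts as a 90% supermajority; with the snapshot measure the same holder has no weight, because it held nothing before the proposal was created.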
The smart contracts for Beanstalk were audited by the blockchain security firm Omniscia. However, according to a Sunday post-mortem write-up by the company, the audit was finished before the flash loan vulnerability was discovered. Beanstalk declined to provide details regarding whether funds would be reimbursed to users, saying more news would come at a town hall event scheduled for Sunday.
The source claims that the hacker donated $250,000 of the stolen funds to a Ukrainian relief wallet. This is the latest of several significant decentralized finance (DeFi) hacks in recent weeks. In March, the Ronin blockchain used by Axie Infinity was hacked for $625 million, according to U.S. officials, who linked the attack to North Korea.