Beanstalk Faces a Flash Loan Attack that Sees About $180M Vanish, Here’s All We Know So Far
Beanstalk Farms, an Ethereum-based stablecoin platform, has experienced a massive loss of funds in the latest major attack on its network.
The Hacker Exploited Some Security Weaknesses in Beanstalk
According to PeckShield, a blockchain security firm that highlighted the attack via Twitter on Sunday, the network lost $182 million. In comparison, the attacker grabbed about $80 million in crypto tokens. By shifting the $80 million to crypto mixing service provider Tornado Cash, the perpetrator has already succeeded in hiding their trail.
The hacker was able to steal the funds, specifically 24,830 ETH and 36M Bean, by submitting two malicious proposals followed by a flash loan attack via Aave, exploiting some security flaws in the network.
The attacker secured a significant amount of Beanstalk’s token Stalk by taking out a flash loan on Aave’s lending platform. The strong voting power this gave the hacker enabled him to bypass the two-thirds majority rule governed by the Stalk tokens. The culprit was consequently able to quickly pass a fraudulent governance proposal that diverted all protocol money into an Ethereum wallet.
PeckShield also noted that the attack began with the passage of BIP-18 and BIP-19, which were intended to contribute 250,000 USDC to war-torn Ukraine.
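The following is an added example, not Beanstalk's code: a toy model of the token-weighted vote described above, comparing voting power read at vote time with voting power frozen when the proposal was created. Holder names, balances, the loan size and the snapshot policy are constructed assumptions, not details from the incident.

```python
from fractions import Fraction

SUPERMAJORITY = Fraction(2, 3)  # the two-thirds rule named in the article


class Governance:
    """Toy token-weighted governance; every name and number is constructed."""

    def __init__(self, balances, use_snapshot):
        self.balances = dict(balances)    # holder -> governance tokens
        self.use_snapshot = use_snapshot  # True: count power as of proposal time
        self.snapshot = None

    def propose(self):
        # Freeze balances at the moment the proposal is created.
        self.snapshot = dict(self.balances)

    def deposit(self, holder, amount):
        self.balances[holder] = self.balances.get(holder, 0) + amount

    def withdraw(self, holder, amount):
        self.balances[holder] -= amount

    def vote_passes(self, voters):
        # Pick which ledger defines voting power, then apply the 2/3 threshold.
        book = self.snapshot if self.use_snapshot else self.balances
        total = sum(book.values())
        in_favour = sum(book.get(v, 0) for v in voters)
        return Fraction(in_favour, total) >= SUPERMAJORITY


def simulate(use_snapshot):
    gov = Governance({"alice": 400, "bob": 350, "carol": 250}, use_snapshot)
    gov.propose()                    # proposal exists before any borrowing
    # --- one atomic transaction: borrow, deposit, vote, withdraw, repay ---
    loan = 5000                      # constructed flash-loan size
    gov.deposit("borrower", loan)
    passed = gov.vote_passes({"borrower"})
    gov.withdraw("borrower", loan)   # tokens leave again to repay the lender
    return passed, gov.balances["borrower"]


if __name__ == "__main__":
    print("power read at vote time:  passes =", simulate(False)[0])
    print("power frozen at proposal: passes =", simulate(True)[0])
```

With live balances the borrowed deposit holds 5000 of 6000 tokens and clears the threshold alone; with the snapshot it holds none of the 1000 counted tokens, so the vote fails even though the borrower ends both runs holding nothing.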
A Bailout is Not Likely
Beanstalk founders declined to comment on whether users’ money will be returned but said they would provide further information during their Town Hall Meeting. Publius, a Discord team member, believes that the hack could cause the total demise of the project. He claimed that because their initiative lacks venture capital backing, it’s pretty unlikely that any form of rescue or refund will be forthcoming.
Publius added that the same process that promoted Beanstalk’s success was also the aspect that set it up for failure.
Meanwhile, the Beanstalk Farms founders have disassociated themselves from the exploit, claiming that they do not know any of the assailants. They, too, claim to have lost their investment in the process.
Following the incident, BEAN, the system’s stablecoin designed to track the price of the US dollar, crashed. It’s now trading at $0.26 per token.
Flash Loans Have Become a Common Loophole for Hackers
Flash loans are loans in which a lender issues money to a borrower and expects repayment with interest. They are a form of unsecured lending made available to investors by several decentralized finance (DeFi) networks and protocols, where users can borrow large amounts of assets.
This attack is the latest addition to a series of flash loan attacks, including those on Ring Protocol, Value DeFi, Cream Finance, and Alpha Homora. Hackers can exploit a smart contract with even the tiniest coding error and walk away with huge sums of money.
Currency.com, a cryptocurrency trading company, stated last week that it had stopped a significant hack by blocking all operations in Russia. The platform was subjected to an unsuccessful distributed denial-of-service (DDoS) cyber-attack.