Beanstalk farms reportedly suffered an exploit on its network today for $182 million. Updates its community that the team is actively investigating the mishap and will give an update soon.
Beanstalk Farms Exploited
Beanstalk farms, the Ethereum-based stablecoin protocol, was just exploited for $182 million on Sunday. The credit-focused stablecoin system was hacked for all of its collateral early Sunday morning as a result of a security breach created by two nefarious governance proposals and a flash loan attack.
According to blockchain security startup PeckShield, the protocol lost around $182 million in various cryptocurrencies as a result of this breach. PeckShield, announced the attack on Twitter, claiming that the attacker got off with at least $80 million in cryptocurrency, while the protocol’s losses were far more.
PeckShield further stated,
Our initial analysis shows the @BeanstalkFarms loss is ~$182m ! Here is the breakdown of stolen assets: 79,238,241 BEAN3CRV-f, 1,637,956 BEANLUSD-f, 36,084,584 BEAN, and 0.54 UNI-V2_WETH_BEAN. https://t.co/8OzPn8F8ot
— PeckShield Inc. (@peckshield) April 17, 2022
“Our initial analysis shows the @BeanstalkFarms loss is $182m! Here is the breakdown of stolen assets: 79,238,241 BEAN3CRV-f, 1,637,956 BEANLUSD-f, 36,084,584 BEAN, and 0.54 UNI-V2_WETH_BEAN.”
Beanstalk posted an update about how it happened on their discord server. According to the report, the problem began when suspicious governance proposals, BIP-18 and BIP-19, were filed on April 16th by the exploiter, who requested that the protocol give money to Ukraine. According to smart contract auditor BlockSec, the proposals had a malicious rider added to them since they were unaware of the protocol, which resulted in a sinkhole of cash from the protocol.
The exploiter used the AAVE protocol to obtain a $1 billion flash loan in DAI, USDC, and USDT stablecoins. The attacker then utilized the money to amass enough wealth to gain control of 67 percent of the protocol’s governance and accept their own proposals.
Tornado Cash, a prominent privacy platform, was used to channel the money. Tornado Cash is a cryptocurrency mixer system that allows for private transactions. This is the same platform that the $625 million Axie Infinity network’s hacker used to transfer some of its cash.
Omnicia, a blockchain security organization, audited Beanstalk’s smart contracts. According to the firm’s Sunday post-mortem, the audit was done before the introduction of the flash loan vulnerability.
This is the most recent in a series of big decentralized finance (DeFi) hacks that have occurred in recent weeks. In March, Axie Infinity’s Ronin Blockchain was hacked for $625 million in an incident linked to North Korea, according to US officials.
TOP 10 CRYPTOCURRENCY
|#||Name||Price||Market Cap||Change||Price Graph (24h)|