Discover the crypto universe in depth

Ethereum: $182 million lost in Beanstalk protocol hack

New hack in the crypto sphere: the decentralized finance (DeFi) protocol Beanstalk, victim of a hack, accuses losses of more than 182 million dollars.

PeckShield, a blockchain security company that aims to improve the security, privacy and usability of the entire blockchain ecosystem, announced in a tweet that the decentralized finance (DeFi) protocol Beanstalk (BEAN) has fallen victim to a hacker.

According to current data – which is likely to change as the investigation progresses – the hacker is believed to have walked away with more than $82 million, while Beanstalk is believed to have suffered losses to the tune of $182 million. Beanstalk is a credit-oriented stablecoin protocol based on Ethereum (ETH).

The founders of the project have since been communicating on Discord and claim to be in the investigation phase.

As for the company PeckShield, it explains that the hacker stole 80 million dollars by making them transit on Tornado Cash (mixer protocol). Specifically, he managed to steal 24,830 ETH, which is equivalent to approximately $75.8 million.

How did the hacker manage to attack Beanstalk?

Beanstalk logo hack

The BeanStalk (BEAN) protocol hack was carried out using a flash loan attack. A new type of collateral-free financing, this technique is increasingly making the news: it is sometimes used by malicious individuals on unsecured DeFi protocols.

The founders of Beanstalk summarized the process of the attack in a long message on Discord to the community:

In it, they explain that the hacker had previously contracted a flash loan on the Aave platform so that he was able to obtain a significant amount of native Beanstalk governance tokens. Using these tokens, a “malicious governance proposal drained all the protocol’s funds to a private Ethereum wallet.”

They state:

“Beanstalk did not use a flash-loan resistant metric to determine the % of Stalk that had voted in favor of the BIP. This is the fault that allowed the hacker to exploit Beanstalk.”

Beanstalk founders, explanatory Discord message

Another surprising point is that the hacker first made a donation worth $250,000 to Ukraine.

Unfortunately for the users, the founders of Beanstalk do not give any answer or guarantee about the refund of the stolen funds. They even seem defeatist for the future of Beanstalk. However, more news should be announced and hasty conclusions cannot be drawn.

Related Posts