Another mammoth size DeFi exploit amounting $182M has been reported at Beanstalk Farms. It has not been even a month after the $625 million crypto heist at Ronin network.
What is Beanstalk
Beanstalk Farms is a decentralized credit based stable coin protocol based on one of the most popular blockchains of the time – Ethereum. Beanstalk uses credit instead of collateral to issue stablecoins It was exploited on Sunday in the name of a flash loan.
The news of the theft attack was shared by Beanstalk on its website stating, “Beanstalk suffered an exploit on 4/17. The Beanstalk Farms team is investigating the attack and charting a path forward. Please check Discord for more information and updates..”
The attacker used Uniswap to trade DAI, USDC and USDT for Ethereum, which have a net value of 24,830 Ethers i.e, approximately $76 million at the current prices. But the actual loss by the Beanstalk seems to be much bigger than this. The platform is actually reporting a loss worth $182M.
It is noteworthy to mention that the stable coin by BeanStalk, termed as BEAN is pegged against the US dollar with a valuation of $1 per coin. But after the news of this attack the coin saw a downfall up to 86%.
On its Discord Server, Beanstalk also briefed about the masterplan that led to the materialization of attack.
DeFis have been vulnerable to hacks and seeing the frequency of attacks, it becomes all the more important for the users to be extra precautious while using this genre of Crypto.
As investigated by US, the last month’s $625 million theft on Ronin network was by hackers from North Korea.
Ronin’s hack occurred on the bridge which allows its users of the NFT game Axie Infinity swap their crypto tokens with the ones needed for the game.
What is DeFi
DeFi, Decentralized Finance is an application of blockchain technology that provides an alternative finance ecosystem. It allows the users to transfer, trade, borrow and lend cryptocurrency without the need of any intermediate agency like Banks.
How Beanstalk was attacked
According to the summary, the attacker took out a flash loan on lending platform Aave which enabled them to amass a large amount of Beanstalk’s native governance token, Stalk. With the voting power granted by these Stalk tokens, the attacker was able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.
Project leads wrote in the attack summary:
“Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk.”
As per the reports by PeckShield, the attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet.