DeFi Stablecoin Platform Beanstalk Suffers ~$80 Million Hack
Another DeFi platform took a big hit today as the decentralized credit-based stablecoin Beanstalk (with its stablecoin $BEAN) broke its peg after a hack of about $80 million.
There has been speculation left, right, and center, and a number of sleuths have been tracking the cash flow and studying the exploit that likely left Beanstalk Farms in the dust.
Let’s take a look at what we know from the early hours after the hack.
Beanstalk Farms Hack: What Went Wrong?
The transaction on Etherscan reveals that the hacker used what is commonly known as a “flash loan attack,” a technique previously seen against DeFi protocols. A crypto flash loan allows a user to borrow and repay a loan in a single transaction, minimizing risk for lenders and streamlining processes for borrowers.
In the Beanstalk Farms hack, the hacker borrowed nearly a third of the BEAN supply, approximately 32 million tokens, and used Curve Finance’s $3Crv tokens to generate unique tokens ‘BEAN3CRV-f’ and ‘BEAN3LUSD-f’.
The attacker used these two new tokens to trick Beanstalk’s governance model, which gave the hacker a massive majority of “seeds,” the platform’s governance token. With such a large amount of seeds, the hacker had the contractual opportunity to perform an ‘emergency management action’, which involved siphoning huge sums of money from the Beanstalk contract.
The hacker even withdrew a $250,000 donation to the Ukrainian donation address as part of the hack, setting up the governance proposals more than 24 hours prior to the actual execution of the flash loan attack.
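A toy Python model of the governance weakness described above, added here as an illustration and not taken from Beanstalk's contracts: it compares reading voting weight live at execution time with reading it from a snapshot taken when the proposal was created. The holder names, block numbers, balances and the two-thirds threshold are all constructed assumptions.

```python
# Toy model (constructed, not Beanstalk's code): governance weight read live
# at execution time versus from a snapshot taken at proposal time.
from bisect import bisect_right


class Ledger:
    """Keeps each holder's governance balance as (block, balance) checkpoints."""

    def __init__(self):
        self.history = {}  # holder -> [(block, balance), ...] in ascending block order

    def set_balance(self, holder, block, balance):
        self.history.setdefault(holder, []).append((block, balance))

    def balance_at(self, holder, block):
        points = self.history.get(holder, [])
        i = bisect_right(points, (block, float("inf")))
        return points[i - 1][1] if i else 0

    def total_at(self, block):
        return sum(self.balance_at(h, block) for h in self.history)


def can_emergency_execute(ledger, voter, read_block, threshold=2 / 3):
    """True if `voter` alone holds at least `threshold` of all weight at read_block."""
    total = ledger.total_at(read_block)
    return total > 0 and ledger.balance_at(voter, read_block) >= threshold * total


def simulate():
    ledger = Ledger()
    proposed, executed = 100, 7000  # constructed block numbers, roughly a day apart
    ledger.set_balance("long_term_holders", 1, 1_000)
    ledger.set_balance("proposer", 1, 1)
    # During the executing transaction the proposer's weight is inflated with
    # borrowed funds and drops back once the loan is repaid (modelled as one block).
    ledger.set_balance("proposer", executed, 5_000)
    ledger.set_balance("proposer", executed + 1, 1)
    weak = can_emergency_execute(ledger, "proposer", executed)      # live balance
    hardened = can_emergency_execute(ledger, "proposer", proposed)  # snapshot
    return weak, hardened


if __name__ == "__main__":
    weak, hardened = simulate()
    print(f"live-balance check passes: {weak}; snapshot check passes: {hardened}")
```

With the snapshot read, weight acquired after the proposal block does not count, so borrowed funds that exist only inside the executing transaction cannot reach the threshold.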
Lossless (LSS) has contacted Beanstalk; the project is an increasingly used tool to combat potential hacks.
Can the protocol recover?
Just days ago, Beanstalk was celebrating more than $150 million in TVL, more than $130 million in liquidity, and a market cap rapidly approaching $100 million. The protocol has had to step on the brakes and its future is now unclear, as a stark Discord screenshot from administrators shows.
How the protocol recovers from here is difficult to predict. Additional Discord screenshots show that the project won’t shut down immediately, but neither will it hold on to an eventual rebuild.
Crypto hack mitigators Lossless have reached out, and Beanstalk will likely need strong partners to recover from this. Comments on Beanstalk’s Twitter account have speculated that it was an “inside job” for Beanstalk to use retail as exit liquidity. Until more details come to light, though, it’s all speculation.
We do everything we can to move forward. As a decentralized project, we are asking the DeFi community and chain analytics experts to help us limit the exploiter’s ability to withdraw funds through CEXes. If the exploiter is open to discussion, so are we. https://t.co/fwceVz6hbi
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022
The author of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.