Attacker Drains $182M From Beanstalk Stablecoin Protocol

The Ethereum-based stablecoin protocol Beanstalk Farms was attacked for $182 million on Sunday.

PeckShield, a blockchain security company, reported the incident on Twitter, saying the attacker made off with at least $80 million in cryptocurrency, while the protocol's losses were far larger.

As a result of the hack, the market for Beanstalk's BEAN stablecoin plummeted. According to CoinGecko, the coin was down 86 percent from its $1 peg at the time of publication.

According to reports, the attacker obtained a large amount of Beanstalk's native governance token, Stalk, by taking out a flash loan on lending site Aave. The voting power provided by these Stalk tokens allowed the attacker to swiftly approve a malicious governance proposal that siphoned all protocol funds into a private Ethereum wallet.

In the attack summary, the project leaders wrote:

“Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk.”
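
A simplified model of the flaw described above, as an added example that is not Beanstalk's contract code or part of the original article: it compares counting votes from live token balances with counting them from a snapshot taken when the proposal was submitted. The holder names, amounts, block numbers and the two-thirds threshold are constructed assumptions.

```python
from fractions import Fraction

THRESHOLD = Fraction(2, 3)  # assumed approval threshold for this model

class GovToken:
    """Toy governance token that checkpoints all balances on every change."""
    def __init__(self):
        self.block = 0
        self.balances = {}
        self.checkpoints = []  # list of (block, copy of balances)

    def set_balance(self, holder, amount):
        self.balances[holder] = amount
        self.checkpoints.append((self.block, dict(self.balances)))

    def state_at(self, block):
        """Balances as they stood at the end of `block`."""
        state = {}
        for b, snap in self.checkpoints:
            if b <= block:
                state = snap
        return state

def share(balances, voters):
    """Fraction of total supply held by the accounts that voted in favor."""
    total = sum(balances.values())
    if total == 0:
        return Fraction(0)
    return Fraction(sum(balances.get(v, 0) for v in voters), total)

def simulate():
    token = GovToken()
    token.block = 100
    token.set_balance("holder_a", 600)   # constructed long-term holders
    token.set_balance("holder_b", 400)
    proposal_block = 101                 # proposal submitted, no votes yet
    token.block = 102                    # single transaction: borrow, vote, repay
    token.set_balance("borrower", 9000)  # voting power backed by a flash loan
    voters = {"borrower"}
    # Not flash loan resistant: weight is whatever is held at voting time.
    live = share(token.balances, voters)
    # Flash loan resistant: weight is what was held when the proposal was made.
    snap = share(token.state_at(proposal_block), voters)
    token.set_balance("borrower", 0)     # loan repaid before the transaction ends
    return live >= THRESHOLD, snap >= THRESHOLD, live, snap

if __name__ == "__main__":
    print(simulate())
```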

Omniscia, a blockchain security agency, audited Beanstalk's smart contracts. According to the firm's Sunday post-mortem, the audit was performed before the flash loan vulnerability was introduced.

Beanstalk declined to comment on whether funds would be reimbursed to users, stating that more information would be provided at a town hall meeting on Sunday.

The attacker pretended to give $250,000 of the stolen funds to a Ukrainian humanitarian wallet, according to PeckShield.

This is the most recent in a series of major decentralized finance (DeFi) hacks in recent weeks. In March, Axie Infinity's Ronin Blockchain was hacked for $625 million in an incident linked to North Korea, according to US officials.
