Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited for $182 million Sunday.
The attack was flagged on Twitter by blockchain security firm PeckShield, which said the attacker made off with at least $80 million in crypto, although the losses suffered by the protocol were much larger.
The market for Beanstalk’s BEAN stablecoin collapsed as a result of the attack. At press time, the token was down 86% from its $1 peg according to CoinGecko.
When reached for comment, Beanstalk pointed CoinDesk to a post in its Discord server summarizing how the attack occurred.
According to the summary, the attacker took out a flash loan on lending platform Aave which enabled them to amass a large amount of Beanstalk’s native governance token, Stalk. With the voting power granted by these Stalk tokens, the attacker was able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.
Project leads wrote in the attack summary:
Beanstalk’s smart contracts were audited by the blockchain security firm Omniscia. However, the audit was completed before the introduction of the flash loan vulnerability, the firm said in a Sunday post-mortem.
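The flash-loan voting weakness described above can be shown with a simplified model that contrasts voting weight read from live balances with weight read from a snapshot of the last completed block. This is an added example, not Beanstalk's contract code or part of the project's summary. The holder names, balances, loan size and two-thirds threshold are assumptions made for the model.

```python
# Simplified model, constructed for illustration; not Beanstalk's contract code.
QUORUM = 2 / 3  # assumed share of voting power needed to pass a proposal


class Governance:
    def __init__(self, balances, snapshot_voting):
        self.balances = dict(balances)     # live governance-token balances
        self.snapshots = [dict(balances)]  # balances at the end of each mined block
        self.snapshot_voting = snapshot_voting

    def mine_block(self):
        """Close the current block and record its final balances."""
        self.snapshots.append(dict(self.balances))

    def _power_table(self):
        # Hardened: weights come from the last completed block, so tokens
        # acquired inside the voting transaction carry no weight.
        # Weak: weights come from whatever the balances are right now.
        return self.snapshots[-1] if self.snapshot_voting else self.balances

    def vote_share(self, voter):
        table = self._power_table()
        total = sum(table.values())
        return table.get(voter, 0) / total if total else 0.0

    def passes(self, voter):
        return self.vote_share(voter) >= QUORUM


def vote_with_borrowed_stake(gov, voter, loan):
    """One transaction: borrow, vote, repay. Returns whether the vote passed."""
    gov.balances[voter] = gov.balances.get(voter, 0) + loan  # loan arrives
    try:
        return gov.passes(voter)
    finally:
        gov.balances[voter] -= loan  # repaid before the transaction ends


HOLDERS = {"alice": 400, "bob": 350, "carol": 250}  # constructed sample stake


def run(snapshot_voting, loan=3000):
    """Return (proposal passed, borrower's balance after the block is mined)."""
    gov = Governance(HOLDERS, snapshot_voting)
    gov.mine_block()
    passed = vote_with_borrowed_stake(gov, "borrower", loan)
    gov.mine_block()
    return passed, gov.balances["borrower"]


if __name__ == "__main__":
    print("live-balance voting:", run(False))
    print("snapshot voting:    ", run(True))
```

In the model, the borrowed stake never appears in any end-of-block snapshot, which is why weighting votes by a prior block's balances removes its influence.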
Beanstalk declined to provide details to CoinDesk regarding whether funds would be reimbursed to users, saying more news will be coming in a town hall event scheduled for Sunday.
According to PeckShield, the attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet.
This is the latest in a string of major decentralized finance (DeFi) exploits to occur in the past few weeks. In March, Axie Infinity’s Ronin Blockchain was exploited for $625 million in an attack that U.S. officials have linked to North Korea.