Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited over the weekend, with total losses skyrocketing to over $180 million. As a result, the native cryptocurrency (BEAN) plummeted by more than 80% in minutes.
- Just hours after highlighting that it had attracted more than $150 million in TVL, Beanstalk Farms reported that it became the latest DeFi victim of a security breach.
- The team initially said it had begun investigating the issue, while the blockchain security firm PeckShield reported that the attacker siphoned off at least $80 million, but the protocol’s losses were more significant.
- The company explained that the exploit became possible through a “flash loan-assisted (immediate) pass of BIP18, which was submitted one day ago.”
2/ The hack is made possible due to the flashloan-assisted (immediate) pass of BIP18, which was submitted one day ago (https://t.co/4TocPkMna0). The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund. pic.twitter.com/qLYk7jhTCG
— PeckShield Inc. (@peckshield) April 17, 2022
- PeckShield also noted that the attacker withdrew the initial funds to start the hack from Synapse Protocol and deposited most of the stolen assets to TornadoCash.
- Interestingly, it appears that the perpetrator donated 250,000 USDC to the Ukraine Crypto Donation wallet.
- Beanstalk’s Discord post explained that the attacker took a flash loan on Aave and amassed a vast portion of the project’s governance token (Stalk). This enabled them to pass a malicious governance proposal and send the funds to an Ethereum wallet.
- As a result of the exploit, BEAN dumped from its $1-pegged price to below $0.1 at one point, and it stands at $0.2 as of now.
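
A simplified model of the flash-loan governance mechanism described above, added here as an illustration and not taken from Beanstalk's contracts: it compares a check that reads voting weight at execution time with one that uses a snapshot taken before the proposal was submitted. The `Governance` class, the two-thirds threshold and all balances are constructed assumptions.

```python
"""Toy model (constructed, not Beanstalk's code): voting weight read live at
execution time versus weight snapshotted before the proposal was submitted."""
from dataclasses import dataclass, field


@dataclass
class Governance:
    quorum: float                      # assumed fraction of supply needed to pass
    use_snapshot: bool                 # True = hardened variant
    balances: dict = field(default_factory=dict)
    history: list = field(default_factory=list)   # (block, end-of-block balances)
    block: int = 0

    def mine(self):
        """Close the current block and record its end-of-block balances."""
        self.history.append((self.block, dict(self.balances)))
        self.block += 1

    def credit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def weight(self, who, proposal_block):
        if not self.use_snapshot:
            return self.balances.get(who, 0)       # live balance: can be borrowed
        # Hardened: balance at the end of the last block before the proposal.
        past = [b for blk, b in self.history if blk < proposal_block]
        return past[-1].get(who, 0) if past else 0

    def can_execute(self, who, proposal_block):
        supply = sum(self.balances.values())
        return self.weight(who, proposal_block) / supply >= self.quorum


def flash_loan_vote(use_snapshot):
    """Replay the sequence: propose, wait, then borrow, vote and repay in one block."""
    gov = Governance(quorum=2 / 3, use_snapshot=use_snapshot)
    gov.credit("holders", 1_000)       # constructed honest token supply
    gov.mine()
    proposal_block = gov.block         # proposal is submitted in this block
    gov.mine()                         # time passes; the proposer holds nothing
    gov.credit("proposer", 9_000)      # borrowed tokens arrive inside one block
    passed = gov.can_execute("proposer", proposal_block)
    gov.credit("proposer", -9_000)     # loan repaid before the block closes
    gov.mine()
    return passed
```

With live balances the borrowed tokens satisfy the threshold; with the snapshot the same sequence fails because the proposer held nothing before the proposal block.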