DeFi Stablecoin Platform Beanstalk Suffers ~$80M Hack

Another DeFi platform took a major hit today, as the decentralized, credit-based stablecoin Beanstalk (with it’s stablecoin $BEAN) has broken it’s peg following a roughly $80M hack.

Speculation has been left, right and center and a number of sleuths have been tracking the movement of funds and studying the exploit that has likely left Beanstalk Farms in the dust.

Let’s look at what we know from the early hours since the hack.

Beanstalk Farms’ Hack: What Went Down

The transaction on Etherscan shows that the hacker used what’s commonly known as a ‘flash loan attack,’ one that has been seen on DeFi protocols previously. A flash loan in crypto allows a user to borrow and repay a loan in a single transaction, which minimizes risk for lenders and can streamline processes for borrowers.

In the Beanstalk Farms hack, the hacker borrowed nearly a third of the BEAN supply, roughly 32 million tokens and utilized Curve Finance’s $3Crv tokens to generate a unique tokens ‘BEAN3CRV-f’ and ‘BEAN3LUSD-f.’

The attacker utilized these two new tokens to deceive Beanstalk’s governance model and gave the hacker a massive majority holding of ‘seeds,’ the platform’s governance token. With such a larger holding of seeds, the hacker had the contractual capability to execute an ’emergency governance action,’ siphoning massive amounts of funds from the Beanstalk contract.

The hacker even included a $250K donation to the Ukrainian donation address as part of the hack, and set up the governance proposals over 24 hours prior to actual execution of the flash loan attack.

Lossless (LSS) has reached out to Beanstalk; the project is an increasingly-utilized tool to combat against potential hacks. | Source: LSS-USDT on TradingView.com

Related Reading | Bitcoin Clings To $40K On Easter Sunday As Crypto Seen To Head Lower In The Short Term

Can The Protocol Recover? 

Just days ago, Beanstalk was celebrating over $150M in TVL, over $130M in liquidity, and a rapidly approaching market cap of $100M that was impending. The protocol has had to pump the brakes, and it’s future is now unclear – with a stark Discord screenshot from admins:

Image

How the protocol recovers from here will be difficult to predict. Additional Discord screenshots show that the project is not shutting down immediately, but is also not committing towards an eventual re-build:

publius — Today at 10:47 AM @everyone, we don't rly have much to say atm but wanted to say a few things:  1. we are incredibly sorry that everyone has lost money and is suffering.   2. we are not sure what the best next steps are wrt beanstalk. we feel that the economic model was finally starting to demonstrate its efficacy, which makes this pill even tougher to swallow. one of the things that set Beanstalk apart from other projects was the fair launch, and obviously going forward there will be the baggage around this hack.   3. we want to say thank you to those of you that have reached out to us w your thoughts on how to move forward. we are trying to figure it out.  4. while today is a horrible day, it may also be the start of something good. the lack of VC backing for Beanstalk makes something akin to the wormhole instant recovery highly unlikely, but there may be a path forward. We don't want to comment on next steps until that path is at least visible to us.

Crypto hack mitigators Lossless have reached out and Beanstalk will likely need strong partners to recover from this. Commentors on Beanstalk’s Twitter account have speculated that it was an ‘inside job’ conducted by Beanstalk to leave retail as exit liquidity. However, until more details come to light, it’s all speculation.

Related Reading | ADA To Rebound With Integration Of USDT And USDC On Cardano

Featured image from Pixabay, Charts from TradingView.com
The writer of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.



Original

Spread the love

Related posts

Leave a Comment