Attackers swipe $80 million from ethereum DeFi project Beanstalk in one of the largest flash-loan exploits ever

  • Cyber-attackers stole $80 million from stablecoin protocol Beanstalk in a massive flash-loan swindle Sunday.

  • As a result, the credit-focused decentralized finance protocol lost its $182 million in total value locked.

  • "We lost all of our deposited assets in the Silo, which was substantial," the founders said.

Cyber-attackers targeted ethereum-based stablecoin project Beanstalk Farms and made off with roughly $80 million in tokens in one of the largest flash-loan exploits ever.

As a result, the credit-focused decentralized finance protocol lost its $182 million in total value locked, meaning the overall value of crypto assets deposited. Its native token, BEAN, which is meant to be pegged to the dollar, fell more than 75% over the last day.

"We are not aware of the identity of the individuals who were involved," the founders said in the Beanstalk Discord channel. "Like all other investors in Beanstalk, we lost all of our deposited assets in the Silo, which was substantial."

Meanwhile, the attackers have already moved the entire $80 million in tokens they swiped into Tornado Cash to hide the funds, according to blockchain research firm PeckShield and Bloomberg.

The security breach stemmed from an infiltration of the governance proposal system of the protocol, which opened the door to the attack. The exploiter asked for the protocol to send funds to Ukraine as a donation, but the proposal had a malicious rider attached to it, leading to the fund drain.

This case was not a technical hack, per se, but an exploitation of a design flaw in the governance procedure, which a project spokesperson addressed on Monday, CoinTelegraph reported.

"It's unfortunate that the same governance procedure that put Beanstalk in a position to succeed was ultimately its undoing," the spokesperson said.

In decentralized finance, so-called flash loans are made when users borrow massive sums of stablecoins without any collateral — something that isn't possible in traditional lending.

The borrowing and repayment are meant to happen within a single transaction on the blockchain, and the practice is not uncommon among arbitrage traders.

However, by manipulating the protocol or smart contract code, an attacker can exploit vulnerabilities in the transaction and drain funds.
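The interaction between a single-transaction loan and a governance vote can be shown with a small model. This is an added example, not Beanstalk's contract code: the chain model, account names, token amounts and the two-thirds quorum are all constructed assumptions. It compares a vote that counts tokens held at the moment of execution with one that counts tokens held at an earlier block, which a loan that must be repaid in the same transaction cannot influence.

```python
TOTAL_SUPPLY = 1000   # constructed numbers throughout
QUORUM = 2 / 3        # constructed threshold, not taken from the article

class Reverted(Exception):
    """Aborts the transaction; every state change is rolled back."""

class Chain:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.pool = TOTAL_SUPPLY - sum(balances.values())  # lendable tokens
        self.snapshots = {}                                # block -> balances
        self.block = 0

    def mine(self):
        """Close the current block and record who held what."""
        self.block += 1
        self.snapshots[self.block] = dict(self.balances)

    def transact(self, fn):
        """Run fn atomically: commit on success, restore state on revert."""
        saved = dict(self.balances), self.pool
        try:
            fn()
            return True
        except Reverted:
            self.balances, self.pool = saved
            return False

    def flash_loan(self, who, amount, callback):
        """Lend without collateral; the loan must be repaid in the same call."""
        self.pool -= amount
        self.balances[who] += amount
        callback()
        if self.balances[who] < amount:
            raise Reverted("loan not repaid")
        self.balances[who] -= amount
        self.pool += amount

def vote_weight(chain, voter, snapshot_block=None):
    """Live balance if snapshot_block is None, else balance at that block."""
    book = chain.balances if snapshot_block is None else chain.snapshots[snapshot_block]
    return book.get(voter, 0)

def run_proposal(use_snapshot):
    chain = Chain({"alice": 30, "bob": 20, "borrower": 1})
    chain.mine()                       # block 1: proposal is submitted
    block = 1 if use_snapshot else None
    def execute():
        if vote_weight(chain, "borrower", block) < QUORUM * TOTAL_SUPPLY:
            raise Reverted("quorum not met")
    passed = chain.transact(lambda: chain.flash_loan("borrower", 900, execute))
    return passed, chain.balances["borrower"], chain.pool
```

With live balances the proposal passes even though the borrower ends the transaction holding a single token; with the block-1 snapshot the same transaction reverts.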

Notably, the exploiters of Beanstalk did donate $250,000 of stablecoin USDC to Ukraine.

Read the original article on Business Insider