Hack Drains $182 Million from Beanstalk Stablecoin Protocol, Hacker Donates Funds to War-Torn Ukraine

As per security research firm PeckShield, the attacker seems to have donated $250,000 (roughly Rs. 9.5 crore) to a Ukraine relief wallet.

By Radhika Parashar | Updated: 18 April 2022 15:03 IST

Hack Drains $182 Million from Beanstalk Stablecoin Protocol, Hacker Donates Funds to War-Torn Ukraine

Photo Credit: Pixabay/ Gerd Altmann

Beanstalk is working with experts and developers to limit the exploiter's capabilities

Highlights

Beanstalk Farms is a Ethereum-based stablecoin protocol
The type of attack is called “flash loan”
An investigation has been launched

Marking the second nine-figure DeFi breach in a month, hackers stole $182 million (roughly Rs. 1,389 crore) from Beanstalk Farms. The Ethereum-based stablecoin protocol issues a decentralised, credit-based stablecoin called the Bean ERC-20 token that its creators say has good chances of yielding profits for holders. The hacker breached the network via a flaw in newly introduced upgrades to its codebase. The attack has also been identified as an intensive, multi-step action. The hack type has been categorised as a “flash loan” attack, and costed the company millions worth of ETH and BEAN cryptocurrencies.

On April 17, PeakShield, posted about the hack on Twitter, alerting the BeanStalk community.

The security research firm has also said that the attacker seems to have donated $250,000 (roughly Rs. 9.5 crore) from the theft to a Ukraine relief wallet.

Career Options in Blockchain and Crypto

1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU),
leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
— PeckShield Inc. (@peckshield) April 17, 2022

4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker's account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. pic.twitter.com/jBjUJ0JbGj
— PeckShield Inc. (@peckshield) April 17, 2022

Beanstalk Farms, in a Twitter post said that they are asking experts in the DeFi (decentralised finance) sector and Ethereum blockchain to help them limit the exploiter's ability to withdraw funds via centralised exchanges.

Crypto hack mitigation tool Lossless has offered to help the stablecoin protocol in the investigation.

Robinhood CEO Calls Dogecoin ‘Future Currency of Internet’

We're engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022

Following the incident, the market for Beanstalk's BEAN stablecoin went down 86 percent from its $1 (roughly Rs. 76) peg, as per CoinGecko.

Meanwhile, security firm Omniscia, which audited Beanstalk's smart contracts, said that the code that was breached was introduced after it had completed its audit process.

“We would like to state that the code exploited in the attack has not been audited by Omniscia as it was introduced beyond our initial audits of the system,” the security firm wrote in a blog post.

The Beanstalk protocol has so far not disclosed any plans to reimburse the victims of this hack, Coindesk said in its report.

The hacker has also been using privacy mixer tool Tornado Cash to wash parts of the stolen tokens and hide the final destination that the deposits are wired to.

In March, Axie Infinity's Ronin blockchain developed by Sky Mavis was exploited for $625 million (roughly Rs. 4,729 crore).

Overall, cyber criminals last year stole over $1.3 billion (roughly Rs. 9,606 crore) from the blockchain sector, a report by blockchain research firm CertiK has claimed.

Should you buy a 4G or 5G budget phone? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, Hack, Beanstalk Stablecoin Protocol

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More