Photo Credit: Pixabay/ Gerd Altmann
Marking the second nine-figure DeFi breach in a month, hackers stole $182 million (roughly Rs. 1,389 crore) from Beanstalk Farms. The Ethereum-based stablecoin protocol issues a decentralised, credit-based stablecoin called the Bean ERC-20 token that its creators say has good chances of yielding profits for holders. The hacker breached the network via a flaw in newly introduced upgrades to its codebase. The attack has also been identified as an intensive, multi-step action. The hack type has been categorised as a “flash loan” attack, and costed the company millions worth of ETH and BEAN cryptocurrencies.
On April 17, PeakShield, posted about the hack on Twitter, alerting the BeanStalk community.
The security research firm has also said that the attacker seems to have donated $250,000 (roughly Rs. 9.5 crore) from the theft to a Ukraine relief wallet.
1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU),
— PeckShield Inc. (@peckshield) April 17, 2022
leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker's account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. pic.twitter.com/jBjUJ0JbGj
— PeckShield Inc. (@peckshield) April 17, 2022
Beanstalk Farms, in a Twitter post said that they are asking experts in the DeFi (decentralised finance) sector and Ethereum blockchain to help them limit the exploiter's ability to withdraw funds via centralised exchanges.
Crypto hack mitigation tool Lossless has offered to help the stablecoin protocol in the investigation.
We're engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022
Following the incident, the market for Beanstalk's BEAN stablecoin went down 86 percent from its $1 (roughly Rs. 76) peg, as per CoinGecko.
Meanwhile, security firm Omniscia, which audited Beanstalk's smart contracts, said that the code that was breached was introduced after it had completed its audit process.
“We would like to state that the code exploited in the attack has not been audited by Omniscia as it was introduced beyond our initial audits of the system,” the security firm wrote in a blog post.
The Beanstalk protocol has so far not disclosed any plans to reimburse the victims of this hack, Coindesk said in its report.
The hacker has also been using privacy mixer tool Tornado Cash to wash parts of the stolen tokens and hide the final destination that the deposits are wired to.
In March, Axie Infinity's Ronin blockchain developed by Sky Mavis was exploited for $625 million (roughly Rs. 4,729 crore).
Overall, cyber criminals last year stole over $1.3 billion (roughly Rs. 9,606 crore) from the blockchain sector, a report by blockchain research firm CertiK has claimed.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.