Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited during the weekend, with the total losses skyrocketing to over $180 million. As a result, the native cryptocurrency (BEAN) plummeted by more than 80% in minutes.
Just hours after highlighting that it had attracted more than $150 million in TVL, Beanstalk Farms reported that it became the latest DeFi victim of a security breach.
The team initially said it had begun investigating the issue, while the blockchain security resource PeckShield informed that the attacker siphoned off at least $80 million, but the protocol’s losses were more significant.
The company explained that the exploit became possible through a “flash loan-assisted (immediate) pass of BIP18, which was submitted one day ago.”
2/ The hack is made possible due to the flashloan-assisted (immediate) pass of BIP18, which was submitted one day ago (https://t.co/4TocPkMna0). The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund. pic.twitter.com/qLYk7jhTCG
— PeckShield Inc. (@peckshield) April 17, 2022
PeckShield also noted that the attacker withdrew the initial funds to start the hack from Synapse Protocol and deposited most of the stolen assets to TornadoCash.
Interestingly, it appears that the perpetrator donated 250,000 USDC to the Ukraine Crypto Donation wallet.
Beanstalk’s Discord post explained that the attacker took a flash loan on Aave and amassed a vast portion of the project’s governance token (Stalk). This enabled them to pass a malicious governance protocol and send the funds to an Ethereum wallet.
As a result of the exploit, BEAN dumped from its $1-pegged price to below $0.1 at one point, and it stands at $0.2 as of now.