Beanstalk Farms is the most recent project to suffer a security breach, losing all of its $182 million in collateral.
The credit-based stablecoin protocol was hit by a combination of two malicious governance proposals and a flash loan attack.
A flash loan must be completed and repaid in a single block, and it frequently requires the execution of multiple smart contracts at the same time. In the past, flash loans have been used to carry out hacks or security attacks on other protocols. Beanstalk Farms is based on Ethereum.
The attacker may have made off with 24,830 Ethereum (ETH) and 36 million Bean (BEAN) in the hack, according to blockchain security firm PeckShield.
Beanstalk Farms confirms attack
Confirming the attack, Beanstalk Farms wrote that they are “engaging all efforts to try to move forward.”
“As a decentralized project, we are asking the DeFi [decentralized finance] community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well,” said a spokesman for Beanstalk Farms.
Since the attack, BEAN is down by 78.3% and is trading at $0.21. Publius, a core member of the team on Discord, said that the incident could lead to the demise of the asset. “This project has not had any venture backing, so it is highly unlikely there is any sort of bailout coming.”
PeckShield chronicled the nature of the attack, pointing out that it began with the passing of BIP-18 and BIP-19, which sought to donate funds to war-torn Ukraine.
Both PeckShield and the protocol’s auditor BlockSec agree that the proposals contained malicious code designed to “drain the pool’s fund.”
According to BlockSec, the attacker waited for a day after the passing of the emergency period to invoke the emergencyCommit.
To bypass the two-thirds voting majority requirement, the attacker borrowed tokens through flash loans and deposited them into the Diamond contract to gain voting power.
With almost 79% of the voting power, the attacker drained the funds in what has been described as a one-of-a-kind attack. On-chain data indicates that the attacker sent 250,000 USD Coin (USDC) to an address affiliated with Ukraine’s donation efforts.
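The weakness described above is that voting weight was measured from deposits held at the moment of the commit, so borrowed funds counted. The following model is an added example, not code from Beanstalk or from this article: the class, the address names and all amounts are constructed, and the snapshot variant is shown as one common mitigation, not as something the article says Beanstalk adopted.

```python
from dataclasses import dataclass, field

TWO_THIRDS = 2 / 3  # supermajority threshold mentioned in the article


@dataclass
class Governance:
    """Toy deposit-weighted governance (hypothetical, not the Diamond contract)."""
    deposits: dict = field(default_factory=dict)  # live deposits per address
    snapshot: dict = field(default_factory=dict)  # deposits frozen at proposal time
    votes: set = field(default_factory=set)

    def deposit(self, who, amount):
        self.deposits[who] = self.deposits.get(who, 0) + amount

    def withdraw(self, who, amount):
        self.deposits[who] -= amount

    def propose(self):
        # Freeze balances when the proposal is created.
        self.snapshot = dict(self.deposits)
        self.votes = set()

    def vote(self, who):
        self.votes.add(who)

    def share(self, use_snapshot):
        # Fraction of total weight held by addresses that voted in favour.
        book = self.snapshot if use_snapshot else self.deposits
        total = sum(book.values())
        return sum(book.get(v, 0) for v in self.votes) / total if total else 0.0

    def emergency_commit(self, use_snapshot):
        return self.share(use_snapshot) >= TWO_THIRDS


def simulate(use_snapshot):
    gov = Governance()
    gov.deposit("holders", 1_000_000)  # constructed figures throughout
    gov.deposit("proposer", 1_000)
    gov.propose()
    loan = 3_760_000                   # borrowed funds, deposited just before the vote
    gov.deposit("proposer", loan)
    gov.vote("proposer")
    passed = gov.emergency_commit(use_snapshot)
    share = round(gov.share(use_snapshot), 3)
    gov.withdraw("proposer", loan)     # funds leave again once the loan is repaid
    return passed, share
```

With live balances the proposer reaches about 79% and the commit passes; with weights taken from the snapshot, the same deposit adds no voting power and the commit fails.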
“The same governance procedure that put Beanstalk in a position to succeed was ultimately its undoing,” said Publius.
The project’s team has since said they are not to be blamed for the attack. Their stance whipped up controversy in the community with members demanding they take responsibility for the incident.
“When you ask us to take responsibility, it’s really inappropriate,” said Publius. He argued that Beanstalk Farms was an open-source code project and was not run as a business so the team should be absolved of any wrongdoing.