Marking the second nine-figure DeFi breach in a month, hackers stole $182 million (roughly Rs. 1,389 crore) from Beanstalk Farms. The Ethereum-based stablecoin protocol issues a decentralised, credit-based stablecoin called the Bean ERC-20 token that its creators say has good chances of yielding profits for holders. The hacker breached the network via a flaw in newly introduced upgrades to its codebase. The attack has also been identified as an intensive, multi-step action. It has been categorised as a “flash loan” attack, and cost the company millions' worth of ETH and BEAN cryptocurrencies.
On April 17, PeckShield posted about the hack on Twitter, alerting the Beanstalk community.
The security research firm has also said that the attacker seems to have donated $250,000 (roughly Rs. 9.5 crore) from the theft to a Ukraine relief wallet.
Beanstalk Farms said in a Twitter post that it is asking experts in the DeFi (decentralised finance) sector and Ethereum blockchain to help limit the exploiter’s ability to withdraw funds via centralised exchanges.
Crypto hack mitigation tool Lossless has offered to help the stablecoin protocol in the investigation.
We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022
Following the incident, Beanstalk’s BEAN stablecoin fell 86 percent from its $1 (roughly Rs. 76) peg, as per CoinGecko.
Meanwhile, security firm Omniscia, which audited Beanstalk’s smart contracts, said that the code that was breached was introduced after it had completed its audit process.
“We would like to state that the code exploited in the attack has not been audited by Omniscia as it was introduced beyond our initial audits of the system,” the security firm wrote in a blog post.
The Beanstalk protocol has so far not disclosed any plans to reimburse the victims of this hack, CoinDesk said in its report.
The hacker has also been using the privacy mixer tool Tornado Cash to launder parts of the stolen tokens and hide the final destination of the funds.