Beanstalk, a decentralised finance (DeFi) protocol based on the Ethereum blockchain (ETH), has been hacked to the tune of $78m. According to one of the project’s founders, those affected may never see their funds again.
Beanstalk has had $78 million stolen
Beanstalk (BEAN), a decentralised finance (DeFi) protocol built on the Ethereum blockchain (ETH), had the equivalent of about $78 million stolen in a hack earlier today.
Beanstalk suffered an exploit today.
The Beanstalk Farms team is investigating the attack and will make an announcement to the community as soon as possible.
– Beanstalk Farms (@BeanstalkFarms) April 17, 2022
According to a report by blockchain security firm PeckShield, the hack was made possible by a flash loan that allowed the hacker to purchase governance tokens in order to issue the BIP18 contract, an action that normally requires more than 67% votes. It was this contract that contained the pernicious code and allowed the hacker to withdraw the funds involved.
Once the assets were stolen, the hacker was able to repay his flash loan and transform all the remaining assets into Ethers, which represented approximately 78 million dollars at the time of the events. At the same time, he donated $250,000 to an organisation supporting Ukraine.
Fig. 1: Diagram of the Beanstalk protocol hack
The hacker then routed the $78 million in stolen Ethers through the Tornado Cash mixer in order to cover his tracks, a fairly standard method for hacks that unfortunately take place in the decentralised financial world.
According to several organisations specialising in blockchain security, the total loss of the protocol could amount to around 182 million dollars. As the hack took place today, we can expect more information in the coming days.
Note that as a result of the hack, the BEAN token, which is a stablecoin, has suddenly deviated from its normal value of $1.
Fig. 2: BEAN token price
Publius, one of the Beanstalk managers, said on the protocol’s Discord server that users would probably never see their funds again:
“Honestly, I don’t know what to say. We’re screwed. There is no financial support for this project, so it’s very unlikely there will be any bailout. “
This hack is the 10th largest in the history of decentralized finance, narrowly surpassing the $77.7 million hack of Ascendex last December.
