Beanstalk Farms, an Ethereum-based stablecoin protocol, was targeted by cyber-attackers who stole $80 million in tokens in one of the biggest flash-loan exploits ever. The security breach was executed by two sinister governance proposals together with a flash loan attack.

In decentralized finance (DeFi), flash loans are made when users manage to borrow huge amounts of stablecoins without providing any collateral. That is something that is not possible in the traditional lending space.

In that context, Beanstalk saw its governance proposal network exploited heavily enabling the malicious individuals to extract all available money in collateral. This issue with the stablecoin protocol was seeded by various suspicious governance proposals BIP-18 and BIP-19 issued on April 16 by the hacker who asked for the protocol to donate some of the funds to Ukraine.

Nonetheless, these proposals had a malicious rider hidden within them which in the end created the sinkhole of funds from the protocol, as highlighted by the smart contract auditor BlockSec.

This security breach of decentralized finance (DeFi) protocol took place at 12:24 pm UTC. At that time, the criminal took out $1 billion in flash loans from the AAVE protocol denominated in DAI, USD Coin, and Tether stablecoins.

They utilized these funds to acquire enough assets enabling them to take over 67% of the protocol’s governance and then approve their proposals.

A flash loan has to be executed and repaid within a single block and calls many smart contracts concurrently to complete. Flash loans have been used previously to execute hacks and security exploits of other protocols. Beanstalk Farms is a decentralized algorithmic stablecoin-issuing platform underpinned by Ethereum.

Related:Tower Finance Launches Algorithmic Stablecoin

Therefore, this case was technically not a hack because the smart contracts and governance processes functioned optimally. Problems and shortcomings in their design were exploited, and the project spokesperson “Publius” acknowledged the incident in a meeting on April 18, where he said:

“It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing.”

PeckShield blockchain security analysis firm alerted the Beanstalk team via Twitter at 12:41 pm UTC on April 17 about the incident:

“Hi, @beanstalkFarms, you may want to take a look.”

At that point, it was already too late. The criminal had made away with a whopping $80 million on Ether (ETH) and Beans (BEAN) tokens while the entire protocol was reported to have lost $182 million in total value locked (TVL) according to PeckShield.

BEAN is still down by around 80% trading below $0.19 according to CoinGecko data but bottomed at $0.06 when the hacker dumped most of their tokens.

How The Beanstalk Exploiter Executed The Plan

The criminal exchanged BEAN for ETH and then sent these coins to Tornado Cash to cover all their digital tracks. Nonetheless, they sent 250,000 USDC to the Ukraine Crypto Donation wallet. At 11:49 pm UTC on April 17, Publius said that the Beanstalk project might be lost since no venture capital backing is available to recover from these losses. He said: “We are f**ked.”

In the April 18 official meetings on the Beanstalk Discord channel, Publius introduced the three individuals who developed the project. They include Michael Montoya, Benjamin Weintraub, and Brendan Sanderson. All of them went to the University of Chicago where the idea of Beanstalk Farms came up.

Montoya said that the Beanstalk team consulted the Federal Bureau of Investigation (FBI) Crime Center services and would:

“Fully cooperate with them to track down the perpetrators and recover funds.”

The protocol’s smart contracts have been stopped and governance privileges revoked by the team. They have not responded to the issue of whether the FBI has any legal right or mandate to help them resolve this matter. Nonetheless, Publius believes that it is a form of theft that has to be investigated thoroughly.

On that note, the Beanstalk community has been mostly supportive of the developers in its current difficult times despite the huge personal losses. But, one community member called “Astrabean” is convinced that the team has to take more responsibility for the attack instead of accepting everything that took place to be an honest mistake that the project has to recover and move on from. He added:

“I would have wanted you as leaders to take accountability for what happened.”

On the flip side, “CharlieP” reiterated worries about trust in the protocol. He insistently asked the Beanstalk Farms team:

“Are you saying you have no responsibility for this endeavor? If that’s the case, who are we to trust that this is not going to happen again?”

Publius answered that the project is just an open-source code experiment, and not yet a business. He explained that neither he nor the Beanstalk team should be held accountable for everything that happened. He added:

“When you ask us to take responsibility, it’s really inappropriate.”

About the author

Wanguba Muriuki is an Editor at Large for E-Crypto News and author of the book- "The Exploitative Intrigues of Cryptocurrency Scams Explained." He is also a passionate creator who sees every aspect of life from a written perspective. He loves Blockchain, Cryptocurrency, Technology, and Traveling. He is a widely experienced creative and technical writer. Everything and everyone is describable. The best description is written.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022
Mintable CEO Zach Burks Talks to Us about the Opensea Stolen NFTs and Their Recovery
March 21, 2022
Crypto Crime
Crypto Crime Surges To Record Highs As Thieves Follow Market Buzz – Chainalysis 2022 Report
February 24, 2022
Bots Circumvent 2FA Login At Coinbase And Other Crypto Exchanges In 2022
Bots Have Circumvented 2FA Logins At Coinbase And Other Crypto Exchanges In 2022
February 17, 2022
The Art Of The Rug Pull... Everything You Need To Avoid In 2022
The Art Of The Rug Pull… Everything You Need To Avoid In 2022
February 15, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin29,397 0.41 % 2.42 % 1.76 %
Ethereum1,960.4 0.51 % 4.60 % 3.23 %
Tether1.002 0.15 % 0.20 % 0.04 %
BNB322.70 0.28 % 3.25 % 8.23 %
USD Coin0.9989 0.16 % 0.08 % 0.04 %
XRP0.4044 0.52 % 3.63 % 4.51 %
Binance USD1.002 0.06 % 0.06 % 0.03 %
Cardano0.9566 0.22 % 0.68 % 6.96 %
Solana49.58 0.77 % 6.60 % 7.59 %
Polkadot10.02 0.82 % 4.90 % 5.98 %

Bitcoin (BTC) $ 29,292.00
Ethereum (ETH) $ 1,947.17
Tether (USDT) $ 1.00
BNB (BNB) $ 321.20
USD Coin (USDC) $ 1.00
XRP (XRP) $ 0.403193
Binance USD (BUSD) $ 1.00
Cardano (ADA) $ 0.509777
Solana (SOL) $ 49.14
Polkadot (DOT) $ 9.96