Crooks steal $182 million from Beanstalk DeFi platform

2 years ago 141
BOOK THIS SPACE FOR AD
ARTICLE AD

Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million.

The decentralized, credit-based finance system Beanstalk suffered a security breach that resulted in financial losses of $182 million. Researchers at blockchain analysis firm PeckShield reported that the attackers have stolen $80 M for the hacker. PeckShield first reported the suspicious activity to the Beanstalk team via Twitter on Sunday.

We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi

— Beanstalk Farms (@BeanstalkFarms) April 17, 2022

We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi

— Beanstalk Farms (@BeanstalkFarms) April 17, 2022

The security breach was caused by two shady governance proposals (BIP-18 and BIP-19) and a flash loan attack. The attackers

The attacker made a proposal in the suspicious transaction, the malicious contract will be executed when the proposal passes, smart contract auditor BlockSec explained.

“The problem for the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, which were issued on Saturday by the exploiter, who asked for the protocol to donate funds to Ukraine.” reported the CoinTelegraph. “However, those proposals had a malicious rider attached to them th ultimately created the sinkhole of funds from the protocol, according to smart contract auditor BlockSec.”

Researchers at smart contract auditors and developers at Omniscia who analyzed the attack explained that the attackers conducted a flash-loan attack on the Beanstalk Protocol. The hackers exploited a vulnerability in its newly introduced Curve LP Silos to compromise the protocol’s governance mechanism and conduct an emergency execution of a malicious proposal to steal the funds.

A flash loan attack takes place when hackers loan funds from a DeFi platform and bypass the loan mechanism to steal funds using exploits.

PeckShield researchers explained that attackers deposited most of the stolen funds to the mixing service, they also transferred 250,000 USDC to the Ukraine Crypto Donation wallet.

The platform is still investigating the security breach, it also invited the thieves to negotiate to return the stolen funds.

According to Cointelegraph, project spokesperson “Publius” on April 17 wrote that the project is likely lost since there is no venture capital backing to cover the losses.

Beanstalk DeFi

“In a team and community meeting on the Beanstalk Discord channel on April 18, Publius doxxed the three individuals who developed the project.” added Cointelegraph. “They are Benjamin Weintraub, Brendan Sanderson and Michael Montoya, all of whom attended the University of Chicago together and conceived Beanstalk Farms.” 

DeFi platforms are becoming a privileged target of threat actors, in February attackers have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge, while in August 2021 attackers stole $611 from the cross-chain protocol Poly Network.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Beanstalk DeFi)




Read Entire Article