Another DeFi platform took a major hit today, as the decentralized, credit-based stablecoin Beanstalk (with its stablecoin $BEAN) has broken its peg following a roughly $80M hack.
Speculation has been left, right and center and a number of sleuths have been tracking the movement of funds and studying the exploit that has likely left Beanstalk Farms in the dust.
Let’s look at what we know from the early hours since the hack.
Beanstalk Farms’ Hack: What Went Down
The transaction on Etherscan shows that the hacker used what’s commonly known as a ‘flash loan attack,’ one that has been seen on DeFi protocols previously. A flash loan in crypto allows a user to borrow and repay a loan in a single transaction, which minimizes risk for lenders and can streamline processes for borrowers.
In the Beanstalk Farms hack, the hacker borrowed nearly a third of the BEAN supply, roughly 32 million tokens, and utilized Curve Finance’s $3Crv tokens to generate the unique tokens ‘BEAN3CRV-f’ and ‘BEAN3LUSD-f.’
The attacker utilized these two new tokens to deceive Beanstalk’s governance model, which gave the hacker a massive majority holding of ‘seeds,’ the platform’s governance token. With such a large holding of seeds, the hacker had the contractual capability to execute an ‘emergency governance action,’ siphoning massive amounts of funds from the Beanstalk contract.
The hacker even included a $250K donation to the Ukrainian donation address as part of the hack, and set up the governance proposals over 24 hours prior to actual execution of the flash loan attack.
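The governance weakness described above, shown as an added illustration that is not Beanstalk's contract code: a toy Python model in which voting power is read either live at execution time or from a snapshot taken at the proposal block. The class, the 2/3 emergency threshold, the block counts and all balances are assumptions constructed for the example.

```python
# Toy governance model (constructed for illustration; not Beanstalk's code).
EMERGENCY_THRESHOLD = 2 / 3  # assumed supermajority for the emergency path


class Governance:
    def __init__(self, use_snapshot):
        self.use_snapshot = use_snapshot  # True = hardened variant
        self.block = 0
        self.checkpoints = {}             # holder -> [(block, balance), ...]
        self.proposal_block = None

    def mine(self, n=1):
        self.block += n

    def power(self, holder, at):
        """Voting power of `holder` as of block `at` (last checkpoint <= at)."""
        balance = 0
        for blk, bal in self.checkpoints.get(holder, []):
            if blk <= at:
                balance = bal
        return balance

    def deposit(self, holder, amount):
        """Record a deposit (or a withdrawal, if negative) at the current block."""
        new_balance = self.power(holder, self.block) + amount
        self.checkpoints.setdefault(holder, []).append((self.block, new_balance))

    def propose(self):
        self.proposal_block = self.block

    def can_emergency_execute(self, voters):
        # Weak check: live balances. Hardened check: balances at proposal time.
        at = self.proposal_block if self.use_snapshot else self.block
        total = sum(self.power(h, at) for h in self.checkpoints)
        votes = sum(self.power(v, at) for v in voters)
        return total > 0 and votes / total >= EMERGENCY_THRESHOLD


def scenario(use_snapshot):
    gov = Governance(use_snapshot)
    gov.deposit("long_term_holders", 1_000_000)
    gov.mine()
    gov.propose()                          # proposer holds no stake yet
    gov.mine(6_500)                        # about a day of blocks (constructed)
    gov.deposit("borrower", 4_000_000)     # stake funded by a flash loan
    allowed = gov.can_emergency_execute(["borrower"])
    gov.deposit("borrower", -4_000_000)    # loan repaid in the same transaction
    return allowed
```

With live balances, the borrowed stake clears the threshold for the length of a single transaction; with the snapshot, stake that did not exist when the proposal was submitted carries no weight.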
Lossless (LSS) has reached out to Beanstalk; the project is an increasingly utilized tool to combat potential hacks. | Source: LSS-USDT on TradingView.com
Can The Protocol Recover?
Just days ago, Beanstalk was celebrating over $150M in TVL, over $130M in liquidity, and a market cap rapidly approaching $100M. The protocol has had to pump the brakes, and its future is now unclear, with a stark Discord screenshot from admins:
How the protocol recovers from here will be difficult to predict. Additional Discord screenshots show that the project is not shutting down immediately, but is also not committing towards an eventual re-build:
Crypto hack mitigators Lossless have reached out, and Beanstalk will likely need strong partners to recover from this. Commenters on Beanstalk’s Twitter account have speculated that it was an ‘inside job’ conducted by Beanstalk to leave retail as exit liquidity. However, until more details come to light, it’s all speculation.
We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022
The writer of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.