Crooks steal $182 million from Beanstalk DeFi platform

Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million.

The decentralized, credit-based finance system Beanstalk suffered a security breach that resulted in financial losses of $182 million. Researchers at blockchain analysis firm PeckShield reported that the attackers have stolen $80 M for the hacker. PeckShield first reported the suspicious activity to the Beanstalk team via Twitter on Sunday.

Hi, @BeanstalkFarms, you may want to take a look: https://t.co/wyHe3ARZgU

— PeckShield Inc. (@peckshield) April 17, 2022

We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi

— Beanstalk Farms (@BeanstalkFarms) April 17, 2022

We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. https://t.co/fwceVz6hbi

— Beanstalk Farms (@BeanstalkFarms) April 17, 2022

1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU),
leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.

— PeckShield Inc. (@peckshield) April 17, 2022

The security breach was caused by two shady governance proposals (BIP-18 and BIP-19) and a flash loan attack. The attackers

The attacker made a proposal in the suspicious transaction, the malicious contract will be executed when the proposal passes, smart contract auditor BlockSec explained.

“The problem for the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, which were issued on Saturday by the exploiter, who asked for the protocol to donate funds to Ukraine.” reported the CoinTelegraph. “However, those proposals had a malicious rider attached to them th ultimately created the sinkhole of funds from the protocol, according to smart contract auditor BlockSec.”

1/ The analysis of the @BeanstalkFarms attack.

The attacker made a proposal(18) in this transaction(https://t.co/30sIhf89xq), with _init(0xe5ecf73603d98a0128f05ed30506ac7a663dbb69), the malicious contract that will be executed when the proposal passes.@defiprime @WuBlockchain pic.twitter.com/cD42T1iJRe

— BlockSec (@BlockSecTeam) April 17, 2022

Researchers at smart contract auditors and developers at Omniscia who analyzed the attack explained that the attackers conducted a flash-loan attack on the Beanstalk Protocol. The hackers exploited a vulnerability in its newly introduced Curve LP Silos to compromise the protocol’s governance mechanism and conduct an emergency execution of a malicious proposal to steal the funds.

A flash loan attack takes place when hackers loan funds from a DeFi platform and bypass the loan mechanism to steal funds using exploits.

PeckShield researchers explained that attackers deposited most of the stolen funds to the mixing service, they also transferred 250,000 USDC to the Ukraine Crypto Donation wallet.

4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. pic.twitter.com/jBjUJ0JbGj

— PeckShield Inc. (@peckshield) April 17, 2022

The platform is still investigating the security breach, it also invited the thieves to negotiate to return the stolen funds.

According to Cointelegraph, project spokesperson “Publius” on April 17 wrote that the project is likely lost since there is no venture capital backing to cover the losses.

“In a team and community meeting on the Beanstalk Discord channel on April 18, Publius doxxed the three individuals who developed the project.” added Cointelegraph. “They are Benjamin Weintraub, Brendan Sanderson and Michael Montoya, all of whom attended the University of Chicago together and conceived Beanstalk Farms.” 

DeFi platforms are becoming a privileged target of threat actors, in February attackers have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge, while in August 2021 attackers stole $611 from the cross-chain protocol Poly Network.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Beanstalk DeFi)

The post Crooks steal $182 million from Beanstalk DeFi platform appeared first on Security Affairs.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt