
Stablecoin protocol Beanstalk hit by $182 million exploit

17 Apr 2022 : 15:06
Updated : 29 Apr 2022 : 17:47
  • A flash loan attack on the credit-based stablecoin protocol Beanstalk resulted in the theft of $80 million in tokens
  • The attack was made possible by a malicious DAO proposal, which allowed the attacker to drain the liquidity

According to security firm Peckshield, a flash loan attack on the credit-based stablecoin protocol Beanstalk resulted in the theft of $182 million in tokens.

A malicious DAO proposal

The attacker took out a $900M flash loan on Aave, a type of uncollateralized lending. They then used these funds to add liquidity to BEAN + 3pool, a liquidity pool for stablecoins on the decentralized exchange Curve. With those funds, the attacker was able to pass an improvement proposal (BIP) on their own, and that proposal drained the protocol’s liquidity, worth more than $180 million. Interestingly, after the attack, the attacker donated $250k to Ukraine, a transfer that was coded into the contract when the attack was carried out.

Even though the attack is still under investigation and the information is not entirely confirmed, the protocol lacked safeguards to prevent this type of DAO proposal. A user should not be able to borrow a large sum of money to approve a proposal quickly. According to one of the founders, Publius, users’ funds are unlikely to be refunded because there is no venture funding, and the attacker is currently attempting to siphon off its funds using Tornado Cash.
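The missing safeguard can be shown with a toy governance model. This is an added illustration, not Beanstalk's contract code: the 2/3 threshold, block numbers, balances and all names are constructed assumptions. It compares counting stake at the moment of the vote with counting stake from a snapshot taken before the proposal existed, plus a minimum delay.

```python
from bisect import bisect_right

class StakeLedger:
    """Per-account governance stake as (block, balance) checkpoints, appended in block order."""
    def __init__(self):
        self.history = {}

    def set_balance(self, account, block, balance):
        self.history.setdefault(account, []).append((block, balance))

    def balance_at(self, account, block):
        points = self.history.get(account, [])
        idx = bisect_right(points, (block, float("inf")))  # last checkpoint <= block
        return points[idx - 1][1] if idx else 0

    def total_at(self, block):
        return sum(self.balance_at(a, block) for a in self.history)

def supermajority(weight, total):
    # Assumed 2/3 threshold for illustration; integer math avoids rounding.
    return total > 0 and 3 * weight >= 2 * total

def passes_live_weight(ledger, voters, vote_block):
    """Weak rule: counts whatever stake voters hold at the block the vote executes."""
    weight = sum(ledger.balance_at(v, vote_block) for v in voters)
    return supermajority(weight, ledger.total_at(vote_block))

def passes_snapshot_weight(ledger, voters, proposal_block, vote_block, min_delay):
    """Safeguard: weight is read from the block before the proposal existed,
    and the vote cannot execute until min_delay blocks have elapsed."""
    if vote_block - proposal_block < min_delay:
        return False
    snapshot = proposal_block - 1
    weight = sum(ledger.balance_at(v, snapshot) for v in voters)
    return supermajority(weight, ledger.total_at(snapshot))

def constructed_ledger():
    # Constructed sample data: two long-term holders and one loan-funded voter.
    ledger = StakeLedger()
    ledger.set_balance("alice", 100, 600)
    ledger.set_balance("bob", 100, 400)
    ledger.set_balance("borrower", 300, 9000)  # deposit funded by a loan in block 300
    ledger.set_balance("borrower", 301, 0)     # loan repaid, stake gone
    return ledger

if __name__ == "__main__":
    led = constructed_ledger()
    print(passes_live_weight(led, ["borrower"], 300))              # weak rule
    print(passes_snapshot_weight(led, ["borrower"], 200, 300, 50)) # safeguard
```

Under the snapshot rule the borrowed stake carries no weight because it did not exist when the proposal was created, while long-term holders can still pass proposals once the delay has elapsed.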

What is Beanstalk?

Beanstalk is an Ethereum-based decentralized credit-based stablecoin protocol launched in August 2021. It has its own stablecoin, $BEAN, which is uncollateralized. Instead of using collateral, it stated that it relies on a community of lenders to keep Bean pegged by offering incentives to users, lenders, and arbitrageurs. The protocol had gained popularity due to its high yield. Its stablecoin, $BEAN, currently has a market cap of around $40 million, but it’s unlikely people can withdraw because there is no liquidity.

It remains to be seen whether $BEAN will be able to maintain its peg following the hack, as the team does not appear to have a plan. Still, there hasn’t been enough information to reach a definitive conclusion for the time being, and users are waiting for a post-mortem to learn more about the situation.

Stan Colenbrander
