According to security firm PeckShield, a credit-focused, Ethereum-based stablecoin protocol known as Beanstalk is the latest target of cyber criminals. The DeFi protocol was exploited on 17 April in a flash-loan attack[1] in which Beanstalk lost around $182 million in crypto assets. As a result, the market for Beanstalk’s stablecoin, BEAN, collapsed: according to CoinGecko, the token fell 86% from its $1 peg.[2]
Notably, the incident is the second nine-figure DeFi exploit reported in a month. In March, Axie Infinity’s Ronin blockchain was targeted, allegedly by North Korean hackers, causing a loss of $625 million.
Regarding how the attack was carried out, Beanstalk referred to a post on its Discord server, noting that the exploiter used governance tokens obtained through a flash loan to create a fake protocol improvement proposal. The proposal’s purpose was to gift the funds stored in Beanstalk to the attacker. Once the flash-loaned Stalk tokens gave the attacker enough voting power to pass it, they could drain all protocol funds into their personal Ethereum wallet.
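The weakness described above is that voting power was measured at the moment the vote and execution happened, so tokens held for a single block counted in full. The following toy model is an added illustration and is not Beanstalk’s code: the token balances, treasury size, quorum and the one-block flash loan are constructed, and the `Governance` class is a hypothetical simplification. It contrasts the abusable pattern (live balances, immediate execution) with two mitigations a defender would expect, a balance snapshot taken before the proposal existed and a timelock between proposal and execution, and it shows what each one does and does not prevent on its own.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Proposal:
    recipient: str
    amount: int            # treasury funds the proposal would send out
    created_block: int
    yes_votes: int = 0
    executed: bool = False


class Governance:
    """Minimal token-weighted governance over a treasury (hypothetical model).

    snapshot_voting=False: voting power is the voter's balance at vote time,
                           the pattern a flash loan can abuse.
    snapshot_voting=True:  voting power is the balance recorded at the block
                           before the proposal was created, so tokens acquired
                           afterwards add nothing to the tally.
    timelock_blocks:       minimum number of blocks between creation and
                           execution; a flash loan must be repaid inside one
                           block, so any delay forces the borrowed tokens to be
                           returned before the proposal can execute.
    """

    def __init__(self, balances: Dict[str, int], treasury: int, quorum: float,
                 snapshot_voting: bool, timelock_blocks: int) -> None:
        self.balances = dict(balances)
        self.treasury = treasury
        self.quorum = quorum
        self.snapshot_voting = snapshot_voting
        self.timelock_blocks = timelock_blocks
        self.history: Dict[int, Dict[str, int]] = {}   # balances per sealed block
        self.block = 0

    def seal_block(self) -> None:
        """Record balances for the current block and advance to the next one."""
        self.history[self.block] = dict(self.balances)
        self.block += 1

    def transfer(self, src: str, dst: str, amount: int) -> None:
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def total_supply(self) -> int:
        return sum(self.balances.values())

    def voting_power(self, voter: str, proposal: Proposal) -> int:
        if self.snapshot_voting:
            snap = self.history.get(proposal.created_block - 1, {})
            return snap.get(voter, 0)
        return self.balances.get(voter, 0)

    def propose(self, recipient: str, amount: int) -> Proposal:
        return Proposal(recipient, amount, self.block)

    def vote_yes(self, voter: str, proposal: Proposal) -> None:
        proposal.yes_votes += self.voting_power(voter, proposal)

    def execute(self, proposal: Proposal) -> bool:
        if self.block < proposal.created_block + self.timelock_blocks:
            return False                                  # still time-locked
        if proposal.yes_votes < self.quorum * self.total_supply():
            return False                                  # quorum not reached
        self.treasury -= proposal.amount
        proposal.executed = True
        return True


def flash_loan_round(gov: Governance, attacker: str, lender: str, loan: int) -> bool:
    """Borrow, propose, vote, try to execute and repay, all inside one block."""
    gov.transfer(lender, attacker, loan)                  # borrow
    p = gov.propose(attacker, gov.treasury)               # proposal that empties the treasury
    gov.vote_yes(attacker, p)
    drained = gov.execute(p)
    gov.transfer(attacker, lender, loan)                  # repay in the same block
    gov.seal_block()
    # If a timelock deferred execution, keep trying once it has elapsed; the
    # borrowed tokens are long gone by then.
    while not p.executed and gov.block <= p.created_block + gov.timelock_blocks:
        drained = gov.execute(p)
        gov.seal_block()
    return drained


def run_scenario(snapshot_voting: bool, timelock_blocks: int) -> Tuple[bool, int]:
    """Constructed balances: the attacker holds 1 token, a lending pool 1,000,000."""
    balances = {"attacker": 1, "lender": 1_000_000, "community": 600_000}
    gov = Governance(balances, treasury=182_000_000, quorum=0.5,
                     snapshot_voting=snapshot_voting, timelock_blocks=timelock_blocks)
    gov.seal_block()                                      # block 0 becomes history
    drained = flash_loan_round(gov, "attacker", "lender", 1_000_000)
    return drained, gov.treasury


if __name__ == "__main__":
    for snap, lock in [(False, 0), (True, 0), (False, 2), (True, 2)]:
        print(f"snapshot={snap!s:5} timelock={lock}: drained, treasury = {run_scenario(snap, lock)}")
```

In the model, the live-balance, no-delay configuration loses the whole treasury in one block. A snapshot alone already defeats the loan, because the borrowed tokens did not exist in the voter’s balance before the proposal was created. A timelock alone still drains the treasury here, since the tally recorded at vote time is never re-examined and nobody in the model reacts during the delay; in practice the delay is what gives token holders time to notice and veto a hostile proposal, while the snapshot is what keeps flash-loaned tokens out of the count, so the two are complementary rather than interchangeable.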
PeckShield posted the details of the attack on Twitter. According to its tweet, the attacker took at least $80 million in crypto while causing significantly larger losses to the protocol. The attacker allegedly obtained 24,830 ETH and 36M BEAN, worth $75.8 to $80 million; the remainder of the losses was liquidity drained from pools tied to the protocol’s governance token.
The attacker funneled the stolen $80 million in crypto through Tornado Cash, a cryptocurrency mixer protocol that obscures the link between the sender and receiver of a transaction.
Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government. “The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently, 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation,” PeckShield tweeted.
Beanstalk has not provided further details; in particular, it is unclear whether the protocol will reimburse users’ funds.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7
[2] https://www.hackread.com/attacker-steal-millions-ethereum-beanstalk-stablecoin-protocol/