In the fourth-largest decentralized finance (DeFi) exploit to date, a hacker reportedly used a flash attack to take $182 million in Ethereum, BEAN stablecoin, and other assets from the Beanstalk stablecoin protocol over the weekend.
According to security firm PeckShield, the hacker made off with $80 million from the Ethereum-based project, with the rest used to pay fees on decentralized exchanges and loan services, such as Uniswap and Aave, respectively. These DeFi tools allow people to trade, lend, borrow, and earn interest without using a financial intermediary, but they're not without risk.
The hacker used a flash loan, which allows people to borrow an asset to make a quick trade and then repay the asset—all in just one complex transaction that involves multiple protocols.
PeckShield says that the $80 million has already made its way through Tornado Cash, a coin mixing tool used for privacy—and, in this case, for laundering ill-gotten gains.
Joe Lubin On Ethereum Gas Fees, DeFi, NFTs at Dcentral Miami
In a fireside chat with Decrypt EIC Dan Roberts at Dcentral to kick off Art Basel Miami 2021, Ethereum cofounder and ConsenSys CEO Joe Lubin talked about rising gas fees on Ethereum, institutional adoption of crypto and DeFi, DAOs, and the NFT boom.
The team behind the protocol, Beanstalk Farms, acknowledged the exploit Sunday, tweeting, "As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via [centralized exchanges]. If the exploiter is open to a discussion, we are as well."
Beanstalk bills itself as a "decentralized credit-based stablecoin." A stablecoin is a cryptocurrency designed to hold a 1:1 peg with a fiat currency such as the U.S. dollar. While the top stablecoins, Tether and USDC, do that by ostensibly holding cash and other collateral in the bank, Beanstalk uses an algorithm to ensure BEAN holds its value.
13 Biggest DeFi Hacks and Heists
Decentralized finance (DeFi) refers to blockchain applications that cut out middlemen from financial products and services like loans, savings, and swaps. While DeFi comes with high rewards, it also carries plenty of risks. Since just about anyone can spin up a DeFi protocol and write some smart contracts, flaws in the code are common. And in DeFi, there are many unscrupulous actors ready and able to exploit those flaws. When that happens, millions of dollars are put on the line, often with no...
That means that Beanstalk doesn't use collateral, either of the fiat variety or tokens (like with Dai). Its credit-based system theoretically helps limit supply shortages because it's not limited by the amount of collateral people can bring; creditors fill the gap.
Beanstalk Farms has yet to provide more details on who was most affected by the hack, but the hacker appears to have cleaned the protocol out. On April 15, Beanstalk tweeted that it had reached $150 million in total value locked on the protocol, meaning users had committed that much in assets and coins to the protocol as liquidity, deposits or collateral.
