- Beanstalk is a credit-based decentralized stablecoin protocol built on Ethereum.
- On April 17, around US$80 million was reportedly stolen from the protocol in a security breach, but the actual pilfered amount could be US$182 million.
- The project team has contacted the Federal Bureau of Investigation (FBI) to help track down the perpetrators and recover the funds.
Crypto company Beanstalk (BEAN) reportedly lost around US$80 million in a major security breach on Sunday. Coindesk reported that the amount could be much higher, pegged at around US$182 million. Meanwhile, the company has contacted the FBI to help capture the culprits.
According to the report, the attacker may have looted US$182 million from Beanstalk’s collateral in the April 17 attack.
As of April 16, the company’s total value locked (TVL) was US$150 million, and its market cap was US$95 million. Its market value came down by around US$42 million after the incident.
Beanstalk revealed the attack on Twitter on Sunday, saying that it was investigating the attack.
Blockchain security firm PeckShield was the first to report the attack on Twitter. PeckShield claimed that the hacker netted US$80 million, while another US$100 million was routed to protocols like Aave, SushiSwap, Uniswap, and Curve Finance, as swap fees and flash loans. It added that the attacker transferred US$250,000 to a Ukrainian crypto donation wallet.
How did the attacker exploit the protocol?
The attacker took advantage of the loopholes in the system after the token holders passed a flash-loan-assisted governance proposal, BIP-18, the day before.
The hacker reportedly took out a flash loan on Aave, a lending platform where token holders had amassed a large amount of Stalk, Beanstalk’s native governance token.
Using the Stalk token’s governance power, the attacker manipulated the governance proposal to transfer all the funds to an Ethereum wallet, according to CoinDesk. A Beanstalk project spokesperson said the attacker exploited the design flaws to rob the money.
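The governance weakness described above, as an added illustration that is not from the article or from Beanstalk's code: a simplified Python model in which voting power read from live balances can be met with tokens borrowed and repaid inside one transaction, while voting power read from a snapshot taken before the vote cannot. The Token class, the account names, the balances and the two-thirds threshold are all constructed assumptions.

```python
# Simplified model of token-weighted governance (constructed; not Beanstalk's contracts).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.block = 0
        self.history = {}  # block number -> balances when that block closed

    def close_block(self):
        """Record end-of-block balances so later votes can look them up."""
        self.history[self.block] = dict(self.balances)
        self.block += 1

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def power(self, holder, snapshot_block=None):
        """Share of supply held by holder, live or as of a closed block."""
        book = self.balances if snapshot_block is None else self.history[snapshot_block]
        return book.get(holder, 0) / sum(book.values())


THRESHOLD = 2 / 3  # constructed supermajority for this model


def vote_with_flash_loan(use_snapshot):
    """Return (proposal_passed, borrower_balance_after_repayment)."""
    token = Token({"lending_pool": 900, "long_term_holders": 100, "borrower": 0})
    token.close_block()  # block 0 closes; the proposal's snapshot is taken here
    snapshot = 0
    # Block 1, a single transaction: borrow, vote, repay.
    token.transfer("lending_pool", "borrower", 900)
    share = token.power("borrower", snapshot if use_snapshot else None)
    passed = share >= THRESHOLD
    token.transfer("borrower", "lending_pool", 900)  # loan repaid before the block ends
    token.close_block()
    return passed, token.balances["borrower"]


if __name__ == "__main__":
    print("live-balance voting:", vote_with_flash_loan(False))
    print("snapshot voting:    ", vote_with_flash_loan(True))
```

In both runs the borrower ends the block holding nothing, so only the moment at which voting power is measured decides whether the borrowed tokens count.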
The attack comes after Beanstalk’s smart contracts were audited by Omniscia, a blockchain security audit firm. The Beanstalk protocol introduced the flash loan after the audit.
Last month, Axie Infinity’s Ronin Blockchain was robbed of US$625 million in a hacking attack that US officials linked to North Korea’s ‘Lazarus’ hacking group.
Bean (BEAN) token:
Bean (BEAN) token rose 0.49% to US$1.02 at 5:25 am ET on Monday, as per coinmarketcap.com.
Meanwhile, as per Cointelegraph, the Beanstalk team has revoked the token holders' smart contracts and governance privileges to prevent further damage. The team has also contacted the FBI's Crime Center to help track down the perpetrators and recover the funds.
The crypto market is volatile and is fraught with hacking risks. Hence, investors should carefully evaluate the companies and the broader market before investing in digital assets.