Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government.
According to security firm PeckShield, a credit-focused, Ethereum-based stablecoin protocol known as Beanstalk is the latest target of cybercriminals. The DeFi protocol was exploited this Sunday in a flash-loan attack due to which Beanstalk lost around $182 million in crypto assets.
Resultantly, the market for Beanstalk’s stablecoin, BEAN, collapsed. As per CoinGecko, the token’s market went down by 86% from its $1 peg.
It is worth noting that the incident is the second massive nine-figure DeFi exploit reported in a month. In March, Ronin Blockchain of Axie Infinity was targeted, allegedly by North Korean hackers, causing a loss of $625 million.
How was the Attack Carried Out?
Regarding how the attack was carried out, Beanstalk referred to a post on its Discord server, noting that the exploiter utilized a combination of governance tokens obtained via a flash loan for creating a fake protocol improvement proposal.
The attacker used the proposal to gift funds stored in Beanstalk. When the attacker received voting power from the Stalk tokens, they could drain all protocol funds into their personal Ethereum wallet.
Details of Losses
PeckShield took to Twitter to disclose details of the attack. According to its tweet, the attacker took away at least $80 million in crypto while causing significant losses to the protocol.
Reportedly, the attacker obtained 24,830 ETH and 36M BEAN, equivalent to $75.8 to $80 million. The rest of the funds were connected to the protocol’s governance token in the form of drained liquidity. The attacker funneled the stolen $80 million in crypto via Tornado Cash. It is a cryptocurrency mixer protocol that facilitates private transactions.
Funds Donated to Ukraine Relief Fund
Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government.
“The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently, 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation,” PeckShield tweeted.
4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. pic.twitter.com/jBjUJ0JbGj— PeckShield Inc. (@peckshield) April 17, 2022
Beanstalk didn’t provide more details such as there’s no clarity on whether the protocol will reimburse funds to users or not.
More Cryptocurrency Hacks
- Phishing scam: NFTs Worth $1.7M Stolen from OpenSea Users
- Ex-Crypto CEO accused of 2016’s $11 billion Ethereum DAO hack
- “Ethical Hacker” Stole Half a Million in Crypto Form Elderly Person
- HubSpot Data Breach – Major Cryptocurrency Companies Impacted
- $3.6 billion worth of Bitcoin seized from crooks tied to 2016’s Bitfinex hack