UPDATED 22:03 EDT / APRIL 17 2022


$182 million stolen from stablecoin provider Beanstalk Farms in ‘flash loan’ attack

Credit-based stablecoin provider Beanstalk Farms has been hacked, with about $182 million in cryptocurrency stolen.

Those behind the theft used a “flash loan” attack to access the Beanstalk network. A flash loan attack is a type of decentralized finance attack in which a cybercriminal takes out a flash loan, a form of noncollateralized lending from a lending protocol, and then manipulates the price of a crypto asset on one exchange to sell it quickly on another. Coinmarketcap noted that flash loan attacks are the most common type of DeFi attack because they’re the cheapest to pull off and the easiest to get away with.

The amount stolen by the hacker was reported today to include 24,830 Ethereum and more than 100 million Bean tokens. The Bean token is Beanstalk’s stablecoin and is tied to the U.S. dollar, with one Bean equal to $1. Following the hack, the price of Bean crashed to as low as 26 cents.

In response, Beanstalk Farms posted today that it’s investigating the attack and will make an announcement to the community as soon as possible. In a later tweet, the company said it’s “engaging all efforts to move forward.”

“As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes,” the company said. “If the exploiter is open to a discussion, we are as well.”

Of the Ethereum stolen, the person or people behind the attack donated the equivalent of $250,000 to Ukraine, with the rest of the stolen ETH sent to a “tumbling” service called Tornado Cash. A cryptocurrency tumbler is a service that mixes potentially identifiable or tainted cryptocurrency funds with others to obscure the trail back to the funds’ original source.

Given the hacker’s attempts to cover their trail with the stolen Ethereum, it’s highly unlikely that this was a case of someone testing Beanstalk’s security, as was the case with Poly Network. Instead, it appears to be someone who targeted the company for profit.

The theft of funds from Beanstalk Farms follows the theft of $615 million in cryptocurrency from the Ronin Network, the blockchain platform that runs the popular play-to-earn game “Axie Infinity.”

Image: Beanstalk Farms
