Ethereum Based Stable Coin Protocol, Beanstalk Hacked for $182 Million

^(Source)

Evening

Today, Beanstalk an Ethereum based stable coin was exploited for $182 million. Blockchain security firm PeckShield initially reported that they hacker got away with $80 million worth funds but the estimate was revised latter.

So, how did the hack happened? Apparently, the exploiter took a flash loan from the lending protocol Aave and purchased large amount of Beanstalk’s native governance token, Stalk. And the voting power granted due to those Stalk tokens allowed hacker to quickly pass a malicious governance proposal resulting in draining of protocol funds into hacker's Ethereum wallet. After draining protocol's funds hacker swapped them for Ethereum.

Following the hack, Beanstalk's stable coin Bean broke the peg and plummeted down to virtually zero, as per data from CoinGecko. Bean is a collateral free stable coin that relies on a the protocol's lenders community to maintain its peg.

So far the exploiter have managed to launder $30 million of stolen funds via coin mixer Tornando Cash. Hacker also donated $250,000 of stolen crypto to the Ukrainian Relief Fund.

Beanstalk protocol acknowledges the exploit, stating that further investigations are in progress and future actions like reimbursement plans will be discussed in upcoming Town Hall on official discord channel.

Beanstalk hack came just a few weeks after the huge $622 million Axie's Ronin Bridge hack. Apparently flash loan attack safeguards were not implemented on protocol, which is a shame because too many time we have seen hacker's using flash loan scheme to exploit defi protocols.