Yet Another DeFi Protocol Lost Hundreds of Millions After Hack
DeFi lending stablecoin protocol Beanstalk shutdown on Sunday, April 17th, resulting in $181 million in various tokens going missing.
“Beanstalk was exploited today. The Beanstalk Farms team is investigating the attack and will make an announcement to the community as soon as possible“, Beanstalk wrote on its official Twitter page following the hack.
According to a thread of tweets by crypto researcher Igor Igamberdiev, the hacker was able to swipe $76 million. According to researchers, the attack was not a ‘bridge’ exploit as in the case of Ronin, but a flash loan attack.
The hacker subsequently used the acquired assets to vote for a BIP18 governance proposal that moved all funds from the protocol contract to the bad actor. The exploiter then “donated” 250,000 USDC to the Ukraine Crypto Fund before using another portion to pay off the flash loans.
He later converted the remaining funds into 24,000 wETH ($76 million), some of which were sent the crypto mixer Tornado Cash, while the rest (the original amount used to launch the attack) was withdrawn using the DeFi bridge Synapse.
READ MORE: Spotify Built Their Own Metaverse Island
Following a series of attacks on DeFi protocols over the past six months, Tornado Cash has increasingly come under criticism for allegedly aiding investment fraud. The protocol is already under intense scrutiny from U.S. regulators following a hack in which around $625 million were stolen from Ronin, the blockchain network backing the Axie Infinity crypto game.