Hackers stole over $80 million from Ethereum-based stablecoin protocol Beanstalk Farms on April 17, said blockchain security company PeckShield Inc, which suspects the losses suffered by the protocol to be much higher. The security firm has estimated a total loss of $182 million in various crypto assets.
PeckShield said in a Twitter post that BeanstalkFarms was exploited leading to the gain of $80+M for the hacker. The protocol loss may be larger, including 24,830 ETH and 36M BEAN.
This was also confirmed by Beanstalk Farms on a Discord post that said, “Beanstalk suffered an exploit on 4/17. Beanstalk Farms team is investigating the attack and charting a path forward.”
Beanstalk Farms has also asked the DeFi community for help. In a Twitter post, it said, “As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well.”
According to PeckShield, the breach and theft were caused by a flash-loan attack in which the hacker compromised the protocol’s governance mechanism, then executed an emergency execution of a malicious governance proposal to transfer protocol funds into a private Ethereum wallet.
The hacker has moved $30 million from the stolen funds to Tornano Cash, an Ethereum-based coin mixing tool. Mixers are used to convert one cryptocurrency into another to make tracking by law enforcement difficult. According to PeckShield, the hacker has also made a donation of $250,000 to a Ukrainian relief wallet. “Currently 15,154 ETH still stays in the hacker’s account,” the security firm said in the Twitter thread.
After the incident was reported, the value of Beanstalk’s BEAN stable coin fell by 76.3%, according to CoinGecko.
The growing value and volume of crypto transactions have spurred a string of cyberattacks and theft of cryptos worth millions of dollars. For instance, last month hackers stole cryptos worth $625 million from Ronin Network by compromising its validator nodes. Created by Sky Mavis, Ronin Network is a sidechain of the Ethereum network that is used for transactions on the play-to-earn blockchain game Axie Infinity. A few days before that, hackers targeted token migration network Wormhole and stole wETH (wrapped Ethereum) tokens worth $321 million.