
Beanstalk Farms lost $182 million because of a DeFi governance flaw.

The stablecoin protocol had its own governance proposal system hacked, allowing the bad guys to get all of its $182 million in collateral.

All of the $182 million in collateral that Beanstalk Farms used to back stablecoins was lost because of two sinister governance proposals and a flash loan attack.

On April 16, an exploiter used BIP-18 and BIP-19 to ask the protocol to donate money to Ukraine. This caused a lot of problems for the protocol. BlockSec, a smart contract audit firm, says that some proposals had a malicious rider that caused the protocol’s funds to be drained.

At 12:24 pm UTC, a decentralized finance (DeFi) protocol was hacked for the second time in a row. The attacker took $1 billion in flash loans from the AAVE (AAVE) protocol in DAI (DAI), USD Coin (USDC), and Tether stablecoins at that time, then used these funds to build up enough assets to take over 67% of the protocol’s governance and approve their own proposals.

A flash loan must be taken out and repaid in a single block, and it usually calls on several smart contracts at the same time to do so. Flash loans have been used in the past to hack or break into other systems. Beanstalk Farms is a stablecoin platform on the Ethereum network that isn’t run by anyone.
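The single-block mechanics described above can be modeled in a few lines of Python. This is an added illustration, not Beanstalk's contract code or anything from the original article; it contrasts a vote weight read from live balances with one read from an earlier snapshot, a general mitigation rather than a fix the article attributes to Beanstalk. The `Governance` class, its method names, and the stake amounts are constructed assumptions; only the 67% threshold comes from the article.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 0.67  # governance share the article says the attacker reached


@dataclass
class Governance:
    """Hypothetical token-weighted governance model (not Beanstalk's code)."""
    balances: dict = field(default_factory=dict)  # holder -> current stake
    history: list = field(default_factory=list)   # end-of-block balance copies

    def mine_block(self):
        """Close the current block and return its number."""
        self.history.append(dict(self.balances))
        return len(self.history) - 1

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def withdraw(self, who, amount):
        self.balances[who] -= amount

    def share_now(self, who):
        """Weak check: voting weight is the live balance at execution time."""
        total = sum(self.balances.values())
        return self.balances.get(who, 0) / total if total else 0.0

    def share_at(self, who, snapshot_block):
        """Hardened check: weight is the balance recorded in an earlier block."""
        snap = self.history[snapshot_block]
        total = sum(snap.values())
        return snap.get(who, 0) / total if total else 0.0


def flash_loan_vote(gov, voter, loan, snapshot_block):
    """Deposit borrowed funds, evaluate both checks, repay within one block."""
    gov.deposit(voter, loan)                   # borrowed funds become stake
    weak = gov.share_now(voter) >= SUPERMAJORITY
    hardened = gov.share_at(voter, snapshot_block) >= SUPERMAJORITY
    gov.withdraw(voter, loan)                  # loan repaid before block ends
    return weak, hardened


def demo():
    gov = Governance()
    gov.deposit("long_term_holders", 100)      # constructed sample stake
    snapshot = gov.mine_block()                # weights fixed when proposal opens
    return flash_loan_vote(gov, "borrower", 1_000, snapshot)
```

Calling `demo()` returns one boolean per check: the live-balance check is satisfied by stake that exists only inside the borrowing block, while the snapshot check ignores it.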

This case was not a hack because the smart contracts and governance procedures worked as they were supposed to. In a meeting on April 18, project spokesperson “Publius” said: There were flaws in the design that were used.

It’s unfortunate that the same governance process that put Beanstalk in a good position to succeed was also the thing that brought it down.

Security firm PeckShield sent a tweet on April 17 at 12:41pm UTC to the Beanstalk Farms team that said something like, “Hi, @beanstalkFarms, you may want to take a look.”

By that point it was too late. At least $80 million in Ether (ETH) and Beans (BEAN), as well as $182 million in total value locked (TVL), had been stolen by an attacker, PeckShield says. The whole protocol lost its value. According to CoinGecko, BEAN is down about 83 percent and trading at $0.17. It hit its low point when the exploiters dumped their tokens.

The exploiter changed BEAN to ETH and then sent the coins to Tornado Cash to hide their digital trail. That’s not all: they also sent 250,000 USDC to the Ukraine Crypto Donation account.

“We are f**ked,” Publius said at 11:49 pm UTC on April 17. He said the project is likely over because there is no venture capital funding to make up for losses.

Publius doxxed the three people who worked on the project during a team and community meeting on the Beanstalk Discord on April 18. They are Benjamin Weintraub, Brendan Sanderson, and Michael Montoya. They all went to the University of Chicago together and came up with Beanstalk Farms.

Montoya said that the team had reached out to the FBI’s Crime Center and that they would “fully cooperate” with them to find the culprits and get back the money.

The protocol’s smart contracts have been put on hold, and the team has taken back all of its governance rights.

The team didn’t answer when Cointelegraph asked if they thought the FBI could help them. Publius thinks this is a theft that should be looked into.

Beanstalk’s community has been mostly supportive of the team during this difficult time, even though they have lost a lot of things in their own lives. It’s not just “Astrabean” who thinks the team should be taking more responsibility for the attack, though. Instead, he thinks the project should accept what happened as an honest mistake and move on. In his speech, he said, “I would have wanted you, as leaders, to take responsibility for what happened.”

Charlies, a member of the community, said the same thing: “Are you saying that you don’t have to do anything about this project? Who can we trust that this won’t happen again?”

When Publius was asked about the project, he said it was just an open-source code experiment and that neither he nor the rest of the team should be held responsible for the way it turned out. He also said,
