DeFi protocol Beanstalk Farms lost over $180 million to malicious players due to an exploit on April 17 that allowed a hacker to pass a governance proposal.
The Ethereum-based stablecoin protocol's exploit left several tokens missing and saw its U.S. dollar-pegged stablecoin drop below the $1 mark.
Beanstalk suffered an exploit today.
The Beanstalk Farms team is investigating the attack and will make an announcement to the community as soon as possible.
— Beanstalk Farms (@BeanstalkFarms) April 17, 2022
Beans protocol exploited
Blockchain security firm PeckShield first reported the hack on Twitter and said a hacker stole more than $80 million by exploiting Beanstalk Farms.
1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU),
leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
- PeckShield Inc (@peckshield) April 17, 2022
The hacker used flash loans to obtain a large amount of Beanstalk STALK tokens, which gave them enough voting power to pass a governance proposal that drained all the funds on the protocol into the hacker’s wallet.
The hacker then paid back the flash loans from Aave, Uniswap V2, and Sushi and converted the funds to Wrapped ETH. The stolen funds were then sent through the Tornado Cash mixer. The hacker also donated some of his stolen crypto to Ukraine.
4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the profits are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. pic.twitter.com/jBjUJ0JbGj
- PeckShield Inc (@peckshield) April 17, 2022
Flash loan exploits are common
Beanstalk Farms’ exploit is not the first time attackers have exploited flash loans. According to the attack summary posted on the Beanstalk Discord server, the exploit happened because Beanstalk failed to:
“use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP.”
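The "flash loan resistant measure" named in that summary can be illustrated with a simplified model, added here as an example and not taken from Beanstalk's contracts or the original article: it compares the share of voting power measured from live balances with the share measured from a checkpoint taken before the proposal existed, the approach used by checkpointed governance tokens. The ledger, the holder names, the 2/3 threshold and all amounts are constructed assumptions.

```python
# Constructed model, not Beanstalk's contract code. All names are hypothetical.
THRESHOLD = 2 / 3  # assumed supermajority needed to pass; not from the article

class Ledger:
    """Governance-token ledger that keeps a balance checkpoint per change."""

    def __init__(self):
        self.block = 1
        self.log = {}  # holder -> [(block, balance), ...] in block order

    def mine(self, n=1):
        self.block += n

    def credit(self, holder, delta):
        new = self.balance_now(holder) + delta
        self.log.setdefault(holder, []).append((self.block, new))

    def balance_now(self, holder):
        entries = self.log.get(holder)
        return entries[-1][1] if entries else 0

    def balance_at(self, holder, block):
        if block >= self.block:  # only finished blocks can serve as a snapshot
            raise ValueError("snapshot block is not final yet")
        for b, bal in reversed(self.log.get(holder, [])):
            if b <= block:
                return bal
        return 0

def approval(ledger, voters, snapshot=None):
    """Share of total supply held by `voters`, live or at a past block."""
    read = ledger.balance_now if snapshot is None else (
        lambda h: ledger.balance_at(h, snapshot))
    return sum(read(v) for v in voters) / sum(read(h) for h in ledger.log)

def passes(share):
    return share >= THRESHOLD

def scenario():
    ledger = Ledger()
    ledger.credit("alice", 600)          # long-term holders
    ledger.credit("bob", 400)
    ledger.mine()
    snapshot = ledger.block - 1          # weights frozen before the proposal
    ledger.mine(5)                       # voting period elapses
    ledger.credit("borrower", 9000)      # stake funded by a loan in this block
    live = approval(ledger, ["borrower"])
    frozen = approval(ledger, ["borrower"], snapshot)
    ledger.credit("borrower", -9000)     # loan repaid before the block ends
    return live, frozen
```

Measured live, the borrowed stake clears the assumed threshold; measured at the earlier checkpoint it carries no weight, because a balance that exists only inside one block never appears in a finalized snapshot.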
1/5
The new popular @beanstalkfarms protocol lost $181M+ in today’s exploit, but the attacker only gained $76M.
Let’s figure out what happened? pic.twitter.com/sRjzAF8stE
- Igor Igamberdiev (@FrankResearcher) April 17, 2022
The blockchain security firm responsible for auditing Beanstalk smart contracts, Omniscia, said Beanstalk launched the code with the flash loan vulnerability after its audit. It added in a postmortem analysis of the attack that it had not yet audited the exploited code.
Given the rate of flash loan exploits in the DeFi space, it’s surprising that Beanstalk introduced the code without proper auditing.
In addition, there are concerns about whether the protocol will reimburse users. Beanstalk Farms said it will provide more updates at its next town hall meeting.
The hack comes only a few weeks after a Ronin bridge exploit that lost $600 million on Axie Infinity in March.
Meanwhile, Tornado Cash’s use by hackers has given rise to criticism for its lack of effort in preventing fraud. The ETH mixer recently said it is using the Chainalysis oracle contract to block addresses sanctioned by the Office of Foreign Assets Control (OFAC) from using its services.
Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.
Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance. https://t.co/tzZe7bVjZt
— Tornado.cash (@TornadoCash) April 15, 2022
Source: https://cryptoslate.com/defi-protocol-beanstalk-loses-180m-in-exploit-hacker-gains-80m/