{"id":736,"date":"2022-04-18T22:16:51","date_gmt":"2022-04-18T22:16:51","guid":{"rendered":"https:\/\/grandpascrypto.com\/?p=736"},"modified":"2022-04-18T22:16:53","modified_gmt":"2022-04-18T22:16:53","slug":"beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022","status":"publish","type":"post","link":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/","title":{"rendered":"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022"},"content":{"rendered":"\n<p><strong><em>tl;dr Summary: <\/em><\/strong><em>Algorithmic stablecoin protocol Beanstalk was exploited for over $182 million on Sunday in a flash loan attack, collapsing the price of its native stablecoin, $BEAN. The hacker disguised the malicious code as a benevolent development proposal to raise funds for Ukraine, and went on to donate $250,000 USDC to Ukraine immediately after the exploit.<\/em><\/p>\n\n\n\n<p><a href=\"https:\/\/bean.money\/\">Beanstalk<\/a> is a DeFi protocol that describes itself as \u2018a decentralised algorithmic stablecoin protocol.\u2019 The project was launched in September 2021, and had been growing in popularity since,<a href=\"https:\/\/twitter.com\/BeanstalkFarms\/status\/1515123454676070400\"> amassing over $150 million in Total Value Locked (TVL)<\/a> according to an official tweet just prior to Sunday\u2019s exploit. The native stablecoin, $BEAN, was designed to be pegged to one dollar by a<a href=\"https:\/\/medium.com\/beanstalkfarms\/introducing-beanstalk-557c45cb8d80\"> novel credit-based mechanism<\/a>. After the hack, $BEAN fell dramatically from the one-dollar peg to a low of around six cents.<\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.gyazo.com\/9ed75cb74ac263da723745b38db36d59.png\" alt=\"\" width=\"696\" height=\"401\"\/><figcaption>Source: https:\/\/www.coingecko.com\/en\/coins\/bean<\/figcaption><\/figure>\n\n\n\n<p>Blockchain security company Peckshield were first to alert the crypto community. The Etherscan transaction details were tweeted at 12:41 pm UTC on April 17, just over fifteen minutes after the exploit. The tweet tagged the official Beanstalk account, simply stating that they \u2018might want to take a look.\u2019 The Beanstalk team acknowledged the hack via Discord and their own Twitter platform around one hour later. It is estimated that the hacker made away with around $80 million in crypto, predominantly $ETH and $BEAN, with protocol losses totalling over $180 million!<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">1\/ The <a href=\"https:\/\/twitter.com\/BeanstalkFarms?ref_src=twsrc%5Etfw\">@BeanstalkFarms<\/a> was exploited in a flurry of txs (<a href=\"https:\/\/t.co\/PMsdP5dnJG\">https:\/\/t.co\/PMsdP5dnJG<\/a> and <a href=\"https:\/\/t.co\/wyHe3ARZgU\">https:\/\/t.co\/wyHe3ARZgU<\/a>),<br>leading to the gain of  $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.<\/p>&mdash; PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1515680335769456640?ref_src=twsrc%5Etfw\">April 17, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The Beanstalk project had been audited by blockchain security firm Omnicia, however in the security firm\u2019s<a href=\"https:\/\/medium.com\/@omniscia.io\/beanstalk-farms-post-mortem-analysis-a0667ee0ca9d\"> post-mortem<\/a>, they revealed that the section of exploited code was introduced after their audits were completed. Analysis shows that the attacker took multiple<a href=\"https:\/\/whiteboardcrypto.com\/what-is-a-flash-loan-definition-3-examples\/\"> flash loans<\/a>, which allowed them to amass huge amounts of Beanstalk\u2019s native governance token, STALK. By holding >67% of total STALK supply, the attacker gained the majority vote on all protocol governance, which was used to emergency-approve their own malicious proposals.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">4\/ The initial funds to launch the hack are withdrawn from  <a href=\"https:\/\/twitter.com\/SynapseProtocol?ref_src=twsrc%5Etfw\">@SynapseProtocol<\/a> and most of the result gains are deposited to <a href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\">@TornadoCash<\/a>. Currently 15,154 ETH still stays in the hacker\u2019s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation. <a href=\"https:\/\/t.co\/jBjUJ0JbGj\">pic.twitter.com\/jBjUJ0JbGj<\/a><\/p>&mdash; PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1515693348815790081?ref_src=twsrc%5Etfw\">April 17, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>It appears that the malicious code was initially introduced by the hacker one day prior to the exploit, submitted as governance proposals BIP-18 and BIP-19, under the benevolent guise of donating protocol funds to Ukraine. These same proposals contained the malicious code that allowed total drainage of Beanstalk\u2019s funds, and were approved by the attacker at the time of exploit. Interestingly, $250,000 of USDC was still sent to the Ukraine Crypto Donation address by the hacker, and it is unclear what will be the fate of these funds.<\/p>\n\n\n\n<p>The project leads took to the official Discord to address the issue, clarifying the protocol\u2019s error in code;<\/p>\n\n\n\n<p><em>\u201cBeanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk.\u201d<\/em><\/p>\n\n\n\n<p>They went on to state that without venture capital backing, it was \u2018highly unlikely\u2019 that there would be a bail out, leaving investors with little hope of recovery of lost funds.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">We\u2019re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter&#39;s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well. <a href=\"https:\/\/t.co\/fwceVz6hbi\">https:\/\/t.co\/fwceVz6hbi<\/a><\/p>&mdash; Beanstalk Farms (@BeanstalkFarms) <a href=\"https:\/\/twitter.com\/BeanstalkFarms\/status\/1515747114894065664?ref_src=twsrc%5Etfw\">April 17, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The hack is the latest in a string of DeFi exploits this year. A<a href=\"https:\/\/grandpascrypto.com\/a-record-625-million-was-stolen-from-axie-infinitys-ronin-network\/\"> recent exploit of the Ronin network<\/a> was touted as the largest crypto hack in history, with over $625 million lost. The attack has<a href=\"https:\/\/www.coindesk.com\/policy\/2022\/04\/14\/us-officials-tie-north-korean-hacker-group-to-axies-ronin-exploit\/\"> since been attributed<\/a> to infamous North Korean hacking group \u2018Lazarus,\u2019 with the funds continuing to be actively laundered on a daily basis.<\/p>\n\n\n\n<p>Whilst the origins of this exploit remain unclear, Beanstalk have stated they are \u201copen to discussion\u201d with the exploiter, hoping for an amicable return of funds. With the majority of funds already deposited into privacy-preserving protocol Tornado Cash, this may be somewhat optimistic. What we know for sure is that public trust in the security of DeFi protocols is beginning to falter, with larger and more frequent exploits striking fear into the hearts of even the most die-hard DeFi degens&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Algorithmic stablecoin protocol Beanstalk was exploited for over $182 million on Sunday in a flash loan attack, collapsing the price of its native stablecoin, $BEAN. The hacker disguised the malicious code as a benevolent development proposal to raise funds for Ukraine, and went on to donate $250,000 USDC to Ukraine immediately after the exploit.<\/p>\n","protected":false},"author":2,"featured_media":738,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[560,281,209,558,564,303,571,561,563,91,559,567,110,568,569,566,562,486,526,204,565,570,223],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v18.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022 - grandpascrypto.com\" \/>\n<meta property=\"og:description\" content=\"Algorithmic stablecoin protocol Beanstalk was exploited for over $182 million on Sunday in a flash loan attack, collapsing the price of its native stablecoin, $BEAN. The hacker disguised the malicious code as a benevolent development proposal to raise funds for Ukraine, and went on to donate $250,000 USDC to Ukraine immediately after the exploit.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/\" \/>\n<meta property=\"og:site_name\" content=\"grandpascrypto.com\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-18T22:16:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-18T22:16:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Basil\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/grandpascrypto.com\/#website\",\"url\":\"https:\/\/grandpascrypto.com\/\",\"name\":\"grandpascrypto.com\",\"description\":\"Crypto explained so well that your grandpa can understand\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/grandpascrypto.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png\",\"contentUrl\":\"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png\",\"width\":1280,\"height\":720},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#webpage\",\"url\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/\",\"name\":\"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022 - grandpascrypto.com\",\"isPartOf\":{\"@id\":\"https:\/\/grandpascrypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#primaryimage\"},\"datePublished\":\"2022-04-18T22:16:51+00:00\",\"dateModified\":\"2022-04-18T22:16:53+00:00\",\"author\":{\"@id\":\"https:\/\/grandpascrypto.com\/#\/schema\/person\/04fc4c5a8b4e71be9cf7abc553a4dc77\"},\"breadcrumb\":{\"@id\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/grandpascrypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/grandpascrypto.com\/#\/schema\/person\/04fc4c5a8b4e71be9cf7abc553a4dc77\",\"name\":\"James Wallis\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/grandpascrypto.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":{\"url\":\"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/James.jpeg\",\"url2x\":\"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/James.jpeg\"},\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d76631a60bf1a7fbc3039e3cd1d1aa6?s=96&d=mm&r=g\",\"caption\":\"James Wallis\"},\"url\":\"https:\/\/grandpascrypto.com\/author\/james-wallis\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/","og_locale":"en_US","og_type":"article","og_title":"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022 - grandpascrypto.com","og_description":"Algorithmic stablecoin protocol Beanstalk was exploited for over $182 million on Sunday in a flash loan attack, collapsing the price of its native stablecoin, $BEAN. The hacker disguised the malicious code as a benevolent development proposal to raise funds for Ukraine, and went on to donate $250,000 USDC to Ukraine immediately after the exploit.","og_url":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/","og_site_name":"grandpascrypto.com","article_published_time":"2022-04-18T22:16:51+00:00","article_modified_time":"2022-04-18T22:16:53+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Basil","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/grandpascrypto.com\/#website","url":"https:\/\/grandpascrypto.com\/","name":"grandpascrypto.com","description":"Crypto explained so well that your grandpa can understand","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/grandpascrypto.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#primaryimage","inLanguage":"en-US","url":"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png","contentUrl":"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/Beanstalk.png","width":1280,"height":720},{"@type":"WebPage","@id":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#webpage","url":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/","name":"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022 - grandpascrypto.com","isPartOf":{"@id":"https:\/\/grandpascrypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#primaryimage"},"datePublished":"2022-04-18T22:16:51+00:00","dateModified":"2022-04-18T22:16:53+00:00","author":{"@id":"https:\/\/grandpascrypto.com\/#\/schema\/person\/04fc4c5a8b4e71be9cf7abc553a4dc77"},"breadcrumb":{"@id":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/grandpascrypto.com\/beanstalk-lose-182-million-as-yet-another-exploit-hits-defi-in-2022\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/grandpascrypto.com\/"},{"@type":"ListItem","position":2,"name":"Beanstalk lose $182 million as yet another exploit hits DeFi in 2022"}]},{"@type":"Person","@id":"https:\/\/grandpascrypto.com\/#\/schema\/person\/04fc4c5a8b4e71be9cf7abc553a4dc77","name":"James Wallis","image":{"@type":"ImageObject","@id":"https:\/\/grandpascrypto.com\/#personlogo","inLanguage":"en-US","url":{"url":"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/James.jpeg","url2x":"https:\/\/grandpascrypto.com\/wp-content\/uploads\/2022\/04\/James.jpeg"},"contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d76631a60bf1a7fbc3039e3cd1d1aa6?s=96&d=mm&r=g","caption":"James Wallis"},"url":"https:\/\/grandpascrypto.com\/author\/james-wallis\/"}]}},"authors":[{"term_id":162,"user_id":0,"is_guest":1,"slug":"james-wallis","display_name":"James Wallis"}],"_links":{"self":[{"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/posts\/736"}],"collection":[{"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":1,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"predecessor-version":[{"id":737,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/posts\/736\/revisions\/737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/media\/738"}],"wp:attachment":[{"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/grandpascrypto.com\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}