Unknown persons have secured a majority at Beanstalk with the help of a “flash loan” for seconds and transferred all the money lying there.
With Beanstalk, a cryptocurrency platform has been stolen again, this time unknown persons were able to get their hands on about 80 million US dollars. The operators have already admitted the successful attack and provided some details. According to them, the unknown thieves took advantage of the fact that users of Beanstalk can vote on changes to the platform’s code – with voting rights proportional to the respective share in the in-house cryptocurrency.
Using a so-called “flash credit,” the thieves secured enough shares for a few seconds to transfer all of Beanstalk’s money to themselves via a code change. One of the platform’s developers admitted, according to Vice, “we are fucked.”
Beanstalk team can only appeal
Beanstalk has only been around for a few months; the DeFi platform (“Decentralised Finance”) includes its own cryptocurrency, which is to be kept stable through deposits by users. This currency is called “Bean” and through various mechanisms its value is to be kept at around one US dollar. Beanstalk also includes a mechanism that allows users to vote on changes to the code. This is exactly what the thieves have now exploited.
To do so, they borrowed almost a billion US dollars in various cryptocurrencies for a few seconds via another cryptocurrency service, The Verge explains. They immediately invested that in Beanstalk, acquiring a two-thirds majority there and transferring all deposits worth $180 million to themselves. That should have taken less than 13 seconds. After repaying the “flash loan” and accrued fees, the thieves were left with $80 million, according to the report. The Beanstalk team is now appealing to the to pay back 90 percent of it, the rest they could keep. It is doubtful that this will be successful.
The successful break-in at Beanstalk is now the latest case in the rapidly growing list of cryptocurrency platform thefts. This year alone, for example, crypto lending platform Cream.Finance has been relieved of €30 million, blockchain bridge Wormhole of $300 million, and Qubit Finance of $80 million. Unlike those projects, Beanstalk did not require a security breach. The in-house protocol had not been secured against the short-lived acquisition of a majority by a loan. According to a blog post, the platform will be secured and continue to operate.
Picture by Pexels