In the fourth-largest decentralized finance (DeFi) exploit to date, a hacker reportedly used a flash attack to take $182 million in Ethereum, BEAN stablecoin, and other assets from the Beanstalk stablecoin protocol over the weekend.
According to security firm PeckShield, the hacker made off with $80 million from the Ethereum-based project, with the rest used to pay fees on decentralized exchanges and loan services, such as Uniswap and Aave, respectively. These DeFi tools allow people to trade, lend, borrow, and earn interest without using a financial intermediary, but they’re not without risk.
The hacker used a flash loan, which allows people to borrow an asset to make a quick trade and then repay the asset—all in just one complex transaction that involves multiple protocols.
PeckShield says that the $80 million has already made its way through Tornado Cash, a coin mixing tool used for privacy—and, in this case, for laundering ill-gotten gains.
The team behind the protocol, Beanstalk Farms, acknowledged the exploit Sunday, tweeting, “As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via [centralized exchanges]. If the exploiter is open to a discussion, we are as well.”
Beanstalk bills itself as a “decentralized credit-based stablecoin.” A stablecoin is a cryptocurrency designed to hold a 1:1 peg with a fiat currency such as the U.S. dollar. While the top stablecoins, Tether and USDC, do that by ostensibly holding cash and other collateral in the bank, Beanstalk uses an algorithm to ensure BEAN holds its value.
That means that Beanstalk doesn’t use collateral, either of the fiat variety or tokens (like with Dai). Its credit-based system theoretically helps limit supply shortages because it’s not limited by the amount of collateral people can bring; creditors fill the gap.
Beanstalk Farms has yet to provide more details on who was most affected by the hack, but the hacker appears to have cleaned the protocol out. On April 15, Beanstalk tweeted that it had reached $150 million in total value locked on the protocol, meaning users had committed that much in assets and coins to the protocol as liquidity, deposits or collateral.
The best of Decrypt straight to your inbox.
Get the top stories curated daily, weekly roundups & deep dives straight to your inbox.