Beanstalk Hacker’s $80 Million Profit
Hacker Destroys DeFi Project in 13 Seconds, Makes $80 Million
Just this Sunday, April 17, 2022, a lone dark web hacker stole over $80 million in cryptocurrency. The hack was against a decentralized finance (DeFi) project, Beanstalk Farms. The criminal hacker took advantage of Beanstalk’s majority vote governance system, which is a core feature of many DeFi protocols.
Blockchain analytics firm ‘PeckShield’ estimated the hacker’s net profit at approximately $80 million of total funds stolen; that doesn’t even include the funds used to carry out the attack.
Beanstalk confirmed the hack in a tweet, stating they were still investigating the attack. Beanstalk Farms dubs itself as a ‘decentralized credit-based stablecoin protocol, aimed at balancing the supply and demand for various cryptocurrency assets.’ Its system allows participants to earn rewards by contributing funds to a central funding pool (dubbed “the silo”), which is used to keep the value of one token (dubbed a “bean”) close to $1 USD.
Beanstalk’s creators, a development team called ‘Pubilus’ included a governance mechanism in which participants could vote collectively on code changes, as with many other DeFi projects. They would then gain voting rights proportional to the value of the tokens they held, exposing its dangerous dark flaw. With this critical info in hand, the dark web hacker infiltrated and robbed the platform, which have led to the project’s downfall.
Super Fast Flash Loan Hacks
Dark Web hackers flash loan attacks have been on the rise this year, according to PeckShield, and it was this DeFi product that provided this dark web hacker the critical information to carry out the attack. Flash Loans allow users to borrow huge amounts of cryptocurrency for very short periods – seconds to minutes at most. They’re intended to provide liquidity or to capitalize on price arbitrage opportunities, but they can also be used for sinister purposes too, as seen in the Beanstalk Farms’ hack.
Based on blockchain analytics company CertiK, the Beanstalk hacker borrowed a flash loan of roughly $1 billion in cryptocurrency assets through the decentralized protocol Aave. The hacker was then able to exchange them for enough beans to gain a 67 percent voting stake in the project.
And with lighting speed, the dark web hacker, single-handedly, was able to approve the execution of code that transferred the assets to his own wallet thanks to this super majority stake. The attacker then immediately repaid the flash loan, profiting $80 million. The entire process took less than 13 seconds, based on the duration of an Aave flash loan.