Stablecoin Protocol Beanstalk Loses Millions in Attack
Flash Loan Incident Resulted in Theft of $76 Million in 'Non-Beanstalk User Assets'
Decentralized credit-based stablecoin protocol Beanstalk suffered a security incident on Sunday, "resulting in a theft of about $76 million in non-Beanstalk user assets," the company said on Tuesday. The Ethereum-based protocol did not specify what those assets included.
But in a tweet, blockchain security firm PeckShield says that the attack has likely caused a total loss of about $182 million. This includes the theft of 24,830 ETH and 36 million Bean. Bean is a stablecoin pegged to the U.S. dollar - a stablecoin is a digital currency pegged to a reserve asset such as a fiat currency or gold in a bid to offer price stability - while ETH, or ether, is the native currency of the Ethereum blockchain.
The bad actors have laundered $80 million so far via Tornado Cash, a mixer that allows users to obfuscate their digital trail on the Ethereum blockchain, PeckShield says.
Neither Tornado Cash nor PeckShield responded to Information Security Media Group's request for comment.
In a statement, Beanstalk says that the cybercriminal "used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled." The exploitation was enabled by a previously unknown issue with its governance process, the company says.
Flash loans are cryptocurrency loans that require no collateral. The only caveat is that the borrowed amount, plus any fee, must be repaid before the end of the same blockchain transaction; if it is not, the entire transaction is reverted as though the loan had never been made. Because the capital only has to exist for the duration of one transaction, an attacker can borrow a very large sum and use it to manipulate on-chain state before returning it - for example, by moving an asset's price on an exchange that other contracts rely on or, as in this case, by acquiring temporary voting power.
The attacker used flash loans to obtain a large amount of Beanstalk STALK tokens, William Callahan, director of government and strategic affairs for Blockchain Intelligence Group, tells ISMG. STALK tokens are Beanstalk's native governance tokens.
Cryptocurrency investigation and compliance solutions provider Chainalysis adds that the hacker obtained the flash loan from Aave, a decentralized lending protocol. "They then made a fake proposal for Beanstalk governance that would allow them to drain the protocol of all funds, and the way voting is set up, these proposals can be approved in a single transaction. They approved their own proposal and drained the funds," the company tells ISMG.
The threat actor purchased enough tokens to give them the "voting power to pass a governance proposal that drained all the funds on the protocol into the attacker's wallet. The attacker then paid back the flash loans and converted the funds to Wrapped ETH. The stolen funds were then sent through the Tornado Cash mixer," Callahan says.
Kelvin Fichter, who describes himself as a software and computer enthusiast, primarily on blockchain-related projects, and tweets under the smartcontracts pseudonym on Twitter, explains how this works:
"It turns out that $Bean is designed to have a governing system on Ethereum. Users can get access to a special type of asset called 'Seeds,' which acts like voting power in the system. The more Seeds you have, the more voting power you have. Users with Seeds can vote on proposals that do pretty much anything. This is intended to give the system a way to evolve. Users with the most invested in the system are supposed to get control over the way that the system can change. Of course, someone malicious could use this to do very bad things. And that's exactly what we're seeing here."
"This 70% number is important because it's higher than the 66% threshold required to execute an "emergency" governance action. With more than 2/3rds of the voting power, the attacker was able to siphon absolutely everything from the $BEAN contract, about $180m worth of assets." - smartcontracts (@kelvinfichter), April 17, 2022
The attacker donated 250,000 of the stolen USD Coins - a stablecoin pegged to the U.S. dollar - to what appears to be a Ukraine relief fund, says Callahan, who has served in the U.S. Department of Justice as a criminal investigator focused on financial investigations.
The Path Forward
The Beanstalk Farms team temporarily shut off the protocol governance after it was alerted about the incident and burned the remaining Beans in the exploiter contract, the statement says. Cryptocurrency burning refers to the process of removing tokens from circulation.
"Beanstalk Farms, the decentralized development team working on Beanstalk, is preparing a strategy to safely re-launch a more secure Beanstalk with a path forward," the statement says.
In a town hall on Tuesday, Beanstalk discussed with the community how it plans to recoup the losses from the attack and move forward. It did not respond to ISMG's request for additional details.
It is also "trying to offer the hacker a white hat bounty of 10% of the funds withdrawn," Chainalysis adds.
Blockchain security firm CertiK tells ISMG that the vulnerability that led to the exploit could have been ascertained during a smart contract auditing process. Chainalysis adds that while it is impossible for a protocol to have foresight into all potential attack vectors, this is an example of where auditing the code is important to catch these kinds of loopholes. "Other protocols should use this as a reason to evaluate their governance and potentially take measures to make sure voting remains decentralized," the company says.
PeckShield says: "Beanstalk did not use a flash loan resistant measure to determine the percentage of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk."
Arguably, applying old regulatory frameworks to a new technology is not the right approach, the company says, responding to ISMG's queries on the subject.
"Because crypto is more transparent, there is an opportunity to design new, more efficient regulatory frameworks. We need collaboration between the public and private sectors to design a regulatory framework for DeFi in particular. Because DeFi is decentralized, there often aren’t legal entities that have relationships with end users, so new arrangements must be made," the company says.
Not the First Time
The Beanstalk exploit is not the first time attackers have used flash loans.
In February 2021, the Alpha Homora protocol was drained of $37 million using Iron Bank, DeFi lending firm Cream Finance’s lending platform. And in October 2021, Cream Finance lost $130 million as the result of a flash loan attack.
In February 2020, margin trading protocol bZx was attacked, and attackers drained about $350,000 worth of ETH from its lending platform Fulcrum.
DeFi yield farming aggregator ApeRocket was the victim of a flash loan attack in July 2021 that cost the protocol users $1.26 million.
"Experts in the field have warned flash loans could be used in exploits. The speed of flash loans works to the favor of the criminal actor. A delay from the time of the governance proposal and the execution of the contract would give the impacted parties time to review the proposal and react accordingly," Callahan says.
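The mechanics described above - a proposal created, voted on and executed inside the same transaction that holds the flash loan, PeckShield's point that the vote percentage was not measured in a flash-loan-resistant way, and Callahan's point that a delay before execution gives others time to react - can be reproduced in a small model. The following is an added example written for this article; it is not Beanstalk's, Aave's or any other protocol's code. It is a Python simulation of an Ethereum-style transaction rather than a Solidity contract so that it runs without a chain, and every name, balance and threshold in it is invented. `flash_loan` models the atomic borrow-use-repay-or-revert behaviour, `Governance` can be configured to count votes from the live balance (vulnerable) or from a checkpoint of the previous block's balances (fixed) and to enforce an execution delay, and `simulate` runs the same attack against each configuration.

```python
"""Toy model of a governance takeover funded by a flash loan, plus two mitigations:
votes counted from a prior-block checkpoint of balances, and delayed execution.
Constructed example: names, balances and thresholds are invented; none of this is
Beanstalk's or any other protocol's code."""
import copy
from dataclasses import dataclass, field
from typing import Callable

class Revert(Exception):
    """The transaction must be rolled back, as an EVM revert would do."""

@dataclass
class State:
    block: int = 1
    balances: dict = field(default_factory=dict)     # governance-token balances
    funds: dict = field(default_factory=dict)        # protocol treasury and loot
    checkpoints: dict = field(default_factory=dict)  # block -> balances at its end
    proposals: list = field(default_factory=list)

    def mine_block(self) -> None:
        """Close the block: checkpoint balances, then advance the block number."""
        self.checkpoints[self.block] = dict(self.balances)
        self.block += 1

    def prior_balance(self, who: str) -> int:
        """Balance at the end of the previous block; a flash loan taken in the
        current block is invisible here."""
        return self.checkpoints.get(self.block - 1, {}).get(who, 0)

@dataclass
class Proposal:
    created_block: int
    payload: Callable[[State], None]
    votes_for: int = 0

class Governance:
    """An emergency action executes once more than 2/3 of supply has voted for it."""
    def __init__(self, st: State, use_checkpoints: bool, delay_blocks: int):
        self.st, self.use_checkpoints, self.delay_blocks = st, use_checkpoints, delay_blocks

    def propose(self, payload: Callable[[State], None]) -> int:
        self.st.proposals.append(Proposal(self.st.block, payload))
        return len(self.st.proposals) - 1

    def vote(self, voter: str, pid: int) -> None:
        st = self.st  # vulnerable: live balance counts; fixed: prior-block checkpoint counts
        power = st.prior_balance(voter) if self.use_checkpoints else st.balances.get(voter, 0)
        st.proposals[pid].votes_for += power

    def execute(self, pid: int) -> None:
        p = self.st.proposals[pid]
        if self.st.block < p.created_block + self.delay_blocks:
            raise Revert("execution delay has not elapsed")
        if p.votes_for * 3 <= sum(self.st.balances.values()) * 2:
            raise Revert("no 2/3 supermajority")
        p.payload(self.st)

def flash_loan(st: State, lender: str, borrower: str, amount: int, body: Callable[[], None]) -> None:
    """Lend `amount` tokens to `borrower` for the duration of `body`, all in one transaction.
    If `body` reverts or the loan is not repaid, every change in between is rolled back."""
    if st.balances.get(lender, 0) < amount:
        raise Revert("lender lacks liquidity")
    saved = copy.deepcopy(st)
    st.balances[lender] -= amount
    st.balances[borrower] = st.balances.get(borrower, 0) + amount
    try:
        body()
        if st.balances[borrower] < amount:
            raise Revert("flash loan not repaid")
        st.balances[borrower] -= amount
        st.balances[lender] += amount
    except Revert:
        st.__dict__.update(saved.__dict__)  # roll the whole transaction back
        raise

def simulate(use_checkpoints: bool, delay_blocks: int, execute_later: bool) -> dict:
    """Run the attack against one governance configuration and report what happened."""
    st = State(balances={"lender": 800_000, "community": 200_000},
               funds={"treasury": 1_000_000, "attacker": 0})
    gov = Governance(st, use_checkpoints, delay_blocks)
    st.mine_block()  # the balances above become the prior-block checkpoint

    def drain(s: State) -> None:  # malicious payload: move the treasury to the attacker
        s.funds["attacker"] += s.funds["treasury"]
        s.funds["treasury"] = 0

    def attack() -> None:  # everything here runs inside the flash loan transaction
        pid = gov.propose(drain)
        gov.vote("attacker", pid)  # 80% of supply, all of it borrowed
        if not execute_later:     # a patient attacker repays first and executes later
            gov.execute(pid)
    try:
        flash_loan(st, "lender", "attacker", 800_000, attack)
        if execute_later:
            for _ in range(delay_blocks): st.mine_block()
            gov.execute(0)
        outcome = "drained"
    except Revert as e:
        outcome = f"reverted: {e}"
    return {"outcome": outcome, "treasury": st.funds["treasury"], "attacker": st.funds["attacker"]}
```

Calling `simulate(False, 0, False)` reproduces the incident in miniature: the treasury is drained and the loan is still repaid, so nothing reverts. `simulate(True, 0, False)` shows the checkpoint alone defeating it, because the borrowed tokens do not exist in the previous block's balances and the tally never reaches two thirds; this is the kind of flash-loan-resistant measurement PeckShield refers to. `simulate(False, 1, False)` shows the delay alone stopping the single-transaction version, but `simulate(False, 1, True)` shows why a delay is only a reaction window rather than a fix: an attacker who votes inside the loan, repays, and executes after the delay still succeeds because the recorded tally keeps the borrowed power, unless someone uses that window to cancel the proposal (the model has no cancel path, which is the point). Production governors such as Compound's combine both: votes are read from checkpoints at a past block, and execution goes through a timelock.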