On Sunday, April 17th, Beanstalk, a decentralized credit-based stablecoin protocol, was hacked. It resulted in the loss of $181 million in multiple tokens.
Following the exploit, Beanstalk posted on its official Twitter feed. Beanstalk said to have exploited today. The Beanstalk Farms team is looking into the incident and will inform the community as soon as possible.
$76M Out of the Loot
After a well-choreographed heist, the assailant made off with $76 million in the plunder. According to a series of tweets from crypto researcher Igor Igamberdiev, this is the case. According to analysts, the attack at hand was a flash loan attack rather than a bridge exploit like in the case of Ronin.
From three dexes, the attacker allegedly flashloaned 350M $Dai, 500M $USDC, 150M $USDT, 32M $Bean, and 11.6M $LUSD 2. This is prior to transferring the funds to Curve.fi via BEAN for governance voting.
The asset later utilized by the exploiter to vote for a BIP18 governance proposal. The exploiter then “donated” 250,000 USDC to Ukraine’s cryptocurrency donation before repaying the flash loans with the remainder.
The remaining money then converted to 24.8k WETH ($76M). A portion of it was delivered to Tornado cash, while the rest (the amount needed to launch the attack) was withdrawn via a DeFi bridge-Synapse.
Investing in Fraud
Beanstalk has enlisted the help of the DeFi community and chain analytics experts as of this writing. This will aid them in limiting the exploiter’s ability to withdraw monies through CEXes. They’ve also stated that they’re open to talking to the hacker. Tornado Cash, on the other hand, has yet to answer.
Tornado Cash has come under fire for allegedly assisting investment fraud after a number of attacks against DeFi protocols in the last six months. The technique already scrutinizes by US officials following a hack that resulted in the loss of approximately $625 million from Ronin. The Axie Infinity play-to-earn crypto game powers by this blockchain network.
Tornado Cash hired Chainalysis oracle contract, a crypto data research firm, on Friday. This is to prevent OFAC-sanctioned addresses from accessing the protocol, giving Defi users more security hope. However, this could assist to reduce the threat of stolen funds laundered. Because the protocol’s smart contracts are immutable, hackers may still utilize Tornado Cash to cash out anonymously.
However, many people are still perplexed as to how a clean mixer with $1.1 billion in ETH deposits last month was able to do so. It has a 95% withdrawal rate with relayers use, and it “remains compliant” while maintaining privacy.