The latest decentralized finance (DeFi) exploit has seen stablecoin protocol Beanstalk crash to zero while losing over $182 million in reserves.
According to blockchain security firm PeckShield, a hacker was able to execute a flash loan attack through Aave to buy an artificial amount of BEAN tokens. After creating a fake BIP-18 to mint an infinite number of BEAN, the attacker used decentralized crypto exchange Uniswap to sell DAI, USDC, and USDT for ETH.
At the time of writing, the hacker has been able to cash out roughly $76 million worth of ETH to Tornado Cash.
“The hack is made possible due to the flashloan-assisted (immediate) pass of BIP18, which was submitted one day ago (https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f…). The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund.”
According to PeckShield, the initial funds used to initiate the hack were withdrawn from Synapse Protocol (SYN), and most of the remaining funds have already been sent through Tornado Cash. 15,154 ETH still remains in the hacker’s wallet, and, interestingly, the bad actor donated 250,000 USDC to the Ukraine Crypto Donation ETH address.
BEAN, which is meant to hold a stable peg, collapsed after the hack and is currently trading at $0.09, according to data from CoinGecko.
The BEAN exploit comes on the heels of the $615 million Ronin attack, thought to be the biggest crypto hack of all time, plus a series of other exploits dominating the headlines.
In its annual Crypto Crime Report, blockchain tracker Chainalysis recorded a massive increase in revenue for scammers. The firm said that crypto cyber criminals made off with over $14 billion in revenue for 2021.
“But those numbers don’t tell the full story,” Chainalysis said.
“Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase in illicit transaction volume was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all. In fact, with the growth of legitimate cryptocurrency usage far outpacing the growth of criminal usage, illicit activity’s share of cryptocurrency transaction volume has never been lower.”