
Beanstalk DeFi project robbed of $182 million in flash loan attack

April 21, 2022 Hi-network.com

Decentralized finance (DeFi) project Beanstalk has lost $182 million in a flash loan attack.


It might seem more like a corporate heist than a typical cyberattack. Still, this security incident was possible after the unknown threat actor secured the project voting rights necessary to transfer reserve funds away from the project's liquidity pools.

On April 19, Beanstalk, a credit-based stablecoin protocol project based on Ethereum, said the platform was subject to a flash loan attack two days previously.

The cyberattack exploited the project's protocol governance mechanism. According to a post-mortem conducted by Omniscia, the exploit occurred due to the recent implementation of the Curve LP Silos, "ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds."

Flash loan functions in DeFi projects allow users to borrow large amounts of virtual funds for a short period of time. In Beanstalk Farm's case, voting powers were based on the amount of tokens held.

Omniscia says that after the attacker secured a flash loan -- and, therefore, extensive voting rights normally used to accept or decline changes in the protocol's code -- an emergency governance mechanism was abused to 'vote' for a malicious proposal, allowing the attacker to send funds to a wallet they controlled.

The flash loan was then repaid.
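The sequence above (borrow, vote with the borrowed weight, execute, repay, all inside one transaction) can be modelled and checked. The toy model below is an added example, not Beanstalk's or Omniscia's code, and its names (Governance, Proposal, capturable_in_one_transaction) and the sample ledger are hypothetical. It contrasts a policy that reads voting weight from live balances and allows emergency execution with one that reads weight from the previous closed block and enforces a delay; only the first can be captured with tokens that exist for a single transaction.

```python
# Added toy model (not Beanstalk's code); class and function names are hypothetical.
class Proposal:
    def __init__(self, created_block):
        self.created_block, self.votes_for = created_block, 0

class Governance:
    """Toy token-weighted governance; balances is the live ledger (address -> tokens)."""
    def __init__(self, balances, weight_from_prior_block, min_delay_blocks, quorum_pct=67):
        self.balances = balances
        self.weight_from_prior_block = weight_from_prior_block
        self.min_delay_blocks = min_delay_blocks
        self.quorum_pct = quorum_pct
        self.checkpoints = {}  # block -> copy of the ledger at the end of that block

    def end_block(self, block):
        self.checkpoints[block] = dict(self.balances)

    def vote(self, proposal, voter, block):
        # Hardened policy: weight is read from a block that has already closed, so tokens
        # borrowed and repaid inside the current transaction never count.
        ledger = self.checkpoints[block - 1] if self.weight_from_prior_block else self.balances
        proposal.votes_for += ledger.get(voter, 0)

    def execute(self, proposal, block):
        if block - proposal.created_block < self.min_delay_blocks:
            return False  # timelock not satisfied (0 models "emergency" execution)
        supply = sum(self.balances.values())
        return proposal.votes_for * 100 >= self.quorum_pct * supply  # supermajority reached?

def capturable_in_one_transaction(gov, block, attacker="attacker", pool="pool"):
    """Check: can a proposal pass using only tokens borrowed for one transaction?"""
    loan = gov.balances[pool]
    gov.balances[pool] -= loan; gov.balances[attacker] = loan    # borrow (attacker starts at 0)
    p = Proposal(block)
    gov.vote(p, attacker, block)
    passed = gov.execute(p, block)
    gov.balances[attacker] -= loan; gov.balances[pool] += loan   # repay
    gov.end_block(block)
    # A later attempt after the delay changes nothing: the tally was fixed at vote time.
    return passed or gov.execute(p, block + gov.min_delay_blocks)

def compare_policies():
    ledger = lambda: {"alice": 400, "bob": 300, "pool": 3300}  # constructed sample ledger
    live = Governance(ledger(), weight_from_prior_block=False, min_delay_blocks=0)
    prior = Governance(ledger(), weight_from_prior_block=True, min_delay_blocks=1)
    for g in (live, prior):
        g.end_block(99)  # ledger history before the block under test
    return capturable_in_one_transaction(live, 100), capturable_in_one_transaction(prior, 100)
```

compare_policies() returns (True, False): the live-balance policy with emergency execution passes the proposal in the same block, while the prior-block policy counts zero weight for the borrowed tokens.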

According to PeckShield, who first spotted the attack, total losses reached $182 million, with the attacker able to pocket roughly $80 million. Other losses were due to the fees required to execute the flash loan.

Stolen assets were then liquidated into Ethereum (ETH). Beanstalk says approximately $76 million in non-Beanstalk assets were stolen from liquidity pools.

Beanstalk was paused following the discovery of the attack, but this was not enough to prevent the theft or claw back the stolen funds.

Remaining BEANs in the exploiter contract have been burned.

In a tweet, Beanstalk offered the attacker 10% of the stolen funds as a bug bounty if they returned 90%.

Notably, the thief also appears to have sent $250,000 to the Ukrainian relief fund Ukraine Crypto Donation.

"Beanstalk Farms, the decentralized development team working on Beanstalk, is preparing a strategy to safely re-launch a more secure Beanstalk with a path forward," the project says.

There are several goals on the roadmap: attracting investment to restart Beanstalk; preserving "as much of each Farmers' Stalk, Seed, and Pod positions as possible," and "aligning new capital with previous Stalk and Pod holders."

"This eye-watering amount of money stolen will not only bite financially but it will potentially chip away at the trust too," commented Jake Moore, Global Cyber Security Advisor at ESET. "Attackers are heavily targeting crypto finance systems due to the extremely high rewards whilst often leaving no remanence of evidence whatsoever."
