Beanstalk Farms, an Ethereum-based stablecoin protocol, was hacked on Sunday, with over $182 million reported stolen.
PeckShield, a blockchain security startup, reported the incident on Twitter, saying the attacker made off with at least $80 million in cryptocurrency, while the protocol’s losses were far larger.
As a result of the hack, the market for Beanstalk’s BEAN stablecoin plummeted. According to CoinGecko, the coin was down 86 percent from its $1 peg at the time of publication.
According to the report, the attacker obtained a considerable amount of Beanstalk’s native governance token, Stalk, by taking out a flash loan on the lending platform Aave. The attacker was able to swiftly approve a malicious governance proposal that siphoned all protocol money into a private Ethereum wallet thanks to the voting power provided by these Stalk tokens.
In the attack summary, the project leaders wrote: “Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk.”
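A toy model of the flaw named in the attack summary, added here as an illustration and not taken from Beanstalk's contracts: it tallies the same vote by live balance and by a snapshot taken when the proposal opens. The holder names, amounts and the 2/3 threshold are assumed values.

```python
# Toy model of token-weighted voting. Constructed for illustration; this is
# not Beanstalk's contract code, and the 2/3 threshold is an assumed value.
THRESHOLD_NUM, THRESHOLD_DEN = 2, 3


class Governance:
    def __init__(self, balances):
        self.balances = dict(balances)  # holder -> voting tokens held right now
        self.snapshot = {}              # holder -> tokens held when proposal opened
        self.yes_voters = set()

    def open_proposal(self):
        # Freeze voting weights at proposal time.
        self.snapshot = dict(self.balances)
        self.yes_voters = set()

    def deposit(self, holder, amount):
        self.balances[holder] = self.balances.get(holder, 0) + amount

    def withdraw(self, holder, amount):
        if self.balances.get(holder, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[holder] -= amount

    def vote_yes(self, holder):
        self.yes_voters.add(holder)

    def _passes(self, weights):
        total = sum(weights.values())
        yes = sum(weights.get(h, 0) for h in self.yes_voters)
        # Integer comparison avoids floating-point rounding at the threshold.
        return total > 0 and yes * THRESHOLD_DEN >= total * THRESHOLD_NUM

    def passes_live(self):
        # Weak: weight is whatever the voter holds at the moment of the tally.
        return self._passes(self.balances)

    def passes_snapshot(self):
        # Flash-loan resistant: weight is what the voter held at proposal time.
        return self._passes(self.snapshot)


def borrowed_weight_scenario():
    gov = Governance({"alice": 60, "bob": 40})   # constructed long-term holders
    gov.open_proposal()
    gov.deposit("borrower", 900)                 # tokens held only for this step
    gov.vote_yes("borrower")
    live, snap = gov.passes_live(), gov.passes_snapshot()
    gov.withdraw("borrower", 900)                # loan repaid in the same step
    return live, snap, gov.passes_live()
```

The live tally passes only while the borrowed tokens are held; the snapshot tally never counts them, which is the property a flash loan resistant measure provides.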
Omniscia, a blockchain security organization, audited Beanstalk’s smart contracts. According to the firm’s Sunday post-mortem, the audit was done before the introduction of the flash loan vulnerability.
Beanstalk declined to comment on whether users will be repaid, stating that additional information would be provided at a town hall meeting on Sunday.
The attacker pretended to give $250,000 of the stolen funds to a Ukrainian humanitarian wallet, according to PeckShield.
This is the most recent in a series of big decentralized finance (DeFi) hacks that have occurred in recent weeks. In March, Axie Infinity’s Ronin Blockchain was hacked for $625 million in an incident linked to North Korea, according to US officials.