On Sunday, an attacker managed to drain around $182 million of cryptocurrency from Beanstalk Farms, a decentralized finance (DeFi) project aimed at balancing the supply and demand of different cryptocurrency assets. Notably, the attack exploited Beanstalk’s majority vote governance system, a core feature of many DeFi protocols.
The attack was spotted on Sunday morning by blockchain analytics company PeckShield, which estimated the net profit for the hacker was around $80 million of the total funds stolen, minus some of the borrowed funds that were required to perform the attack.
Beanstalk admitted to the attack in a tweet shortly afterward, saying they were “investigating the attack and will make an announcement to the community as soon as possible.”
Beanstalk describes itself as a “decentralized credit based stablecoin protocol,” and operates a system where participants earn rewards by contributing funds to a central funding pool (called “the silo”) that is used to balance the value of one token (known as a “bean”) at close to $1.
Like many other DeFi projects, the creators of Beanstalk — a development team called Publius — included a governance mechanism where participants could vote collectively on changes to the code. They would then obtain voting rights in proportion to the value of tokens that they held, creating a vulnerability that would prove to be the project’s undoing.
The attack was made possible by another DeFi product called a “flash loan,” which allows users to borrow large amounts of cryptocurrency for very short periods of time (minutes or even seconds). Flash loans are meant to provide liquidity or take advantage of price arbitrage opportunities but can also be used for more nefarious purposes.
According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 billion in cryptocurrency assets and exchanged these for enough beans to gain a 67 percent voting stake in the project. With this supermajority stake, they were able to approve the execution of code that transferred the assets to their own wallet. The attacker then instantly repaid the flash loan, netting an $80 million profit.
Based on the duration of an Aave flash loan, the entire process took place in less than 13 seconds.
“We are seeing an increasing trend in flash loan attacks this year,” said CertiK CEO and co-founder Ronghui Gu. “These attacks further emphasize the importance of a security audit, and also being educated about the pitfalls of security issues when writing Web3 code.”
When implemented properly, DeFi services benefit from all the security of blockchain, but their complexity can make code difficult to fully audit, making such projects an attractive target for hackers. In the case of the Beanstalk hack, the Publius team admitted that they had not included any provision to mitigate the possibility of a flash loan attack, although presumably this was not apparent until the situation occurred.
A request for comment (sent to the Publius team through Discord) has not yet received a response as of press time.
Brian Pasfield, CTO at cryptocurrency lending platform Fringe Finance, said that decentralized governance structures (known as DAOs) could also create problems in themselves.
“DAO governance is currently trending in DeFi,” Pasfield said. “While it is a necessary step in the decentralization process, it should be done gradually and with all the possible risks carefully weighted. Developers and administrators should be aware of new points of failure that can be created by developers or DAO members intentionally or by accident.”
For investors in Beanstalk who have lost their staked coins, there may be little recourse. In a message posted immediately after the hack, the Beanstalk founders wrote that it was “highly unlikely” the project would receive a bailout since it had not been developed with VC backing, adding “we are fucked.”
In the project’s Discord server, many users claim to have lost tens of thousands of dollars of invested cryptocurrency. Since the attack, the hacker has been moving funds through Tornado Cash, a privacy-focused mixer service that has become a go-to step in laundering stolen cryptocurrency funds. With much of the stolen money now obscured, it’s unlikely to be traced and returned.
In the wake of the attack, the value of the BEAN stablecoin has tanked, breaking the $1 peg and trading for around 14 cents on Monday afternoon.