DeFi News
- Beanstalk Farms lost $182 million because of a security breach.
- Malicious protocols were issued requesting a donation to Ukraine.
- PeckSheild attempted to alert Beanstalk Farms of the breach via a Tweet, but it was already too late.
Beanstalk Farms, a credit-based stablecoin protocol, lost $182 million because of a security breach. This amounts to all of the company’s collateral. The breach is suspected to be caused by two questionable governance protocols and a flash loan attack.
The problem with the protocol started when governance protocols BIP-18 and BIP-19 were issued on April 16. This was when the exploiter asked the protocol to donate money to Ukraine.
Unfortunately, the protocols had a malicious rider attached to them. According to BlockSec, this created the sinkhole of funds from the protocol.
The takeover took place at 12:24 pm UTC, at which time the exploiters withdrew $1 billion in flash loans from the AAVE protocol which is dominated by DAI (DAI), USD Coin (USDC), and Tether (USDT). This enabled the criminals to take over 67% of the protocol’s governance, allowing them to approve their own protocols.
This incident is not being regarded as a hack as all procedures were working as they should. “Publius”, the spokesperson of the project stated that “It’s unfortunate that the same governance procedure that put Beanstalk in a position to succeed was ultimately its undoing.”
PeckSheild, a blockchain security analysis firm attempted to alert Beanstalk Farms of the breach via a Tweet, but it was too late. The exploiter had already taken $80 million in Ether (ETH) and Beans (BEAN). The protocol also lost $182 million in total value locked (TVL).
Publius wrote on April 17 at 11:49 pm UTC that the project is most likely lost. He explained that there is no venture capital that could help them recoup the losses.