Beanstalk Farms: Attacker drains $182M through governance exploit
TL;DR Breakdown
- A governance flaw led to a major exploit of Beanstalk Farms' collateral.
- The malicious actors took advantage of the weakness in the collateral system and wiped it out.
- The attack cost Beanstalk Farms its entire collateral, which amounts to $182 million.
Fraud and exploitation of individuals in the digital world are nothing new, but there are few organized cases where huge financial bodies get robbed. Usually, in the latter case, there is some issue with the protocol or the source code that affects the system, and the attacker is able to extract data for their benefit. Something similar happened with the Ethereum-based stablecoin, which suffered a tremendous loss due to a fault in its system.
Here is a brief overview of what happened with Beanstalk Farms and how much it has suffered from this exploit.
Beanstalk Farms
Beanstalk Farms is a decentralized finance service based on the Ethereum network. It is a stablecoin protocol that customers can use for various purposes. Its transactions rely on credit instead of collateral. Users considered it safe because of this mechanism, but unfortunately that proved to be a myth.
Beanstalk has attracted a significant amount of investment because of the direct and indirect growth opportunities it offers investors. The system uses three standard ERC tokens: Beans, Stalks, and Seeds. It relies on several kinds of contributors, including depositors, lenders, and arbitrageurs.
Exploit of Beanstalk Farms
Sunday proved to be a hard day for Beanstalk Farms. The attack was first reported on Twitter, where the blockchain security firm PeckShield published its details. According to their estimates, the losses were about $80 million. Later details disclosed that the losses were even bigger.
As news of the exploit spread, Beanstalk's market value also declined. Data from CoinGecko shows that it fell 86% after the loss caused by the fraudulent transaction. When the affected firm was asked about the loss details, they referred to a summary that gave an overview of how the scam took place.
The post on their Discord server shows that the attacker used a flash loan to deceive the system. The attacker used a lending platform to amass Stalk, which gave them the right to govern the system. The rest was much easier: the attacker passed a governance action that defrauded the system of all its protocol funds.
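The weakness described above, voting weight that can be borrowed for a single transaction, can be shown with a small model. This is an added example, not Beanstalk's contract code: the Ledger class, the function names, the two-thirds threshold and all balances are constructed assumptions. It contrasts counting live balances with counting balances from a snapshot taken before the proposal.

```python
# Toy model (constructed; not Beanstalk's contract code).
from dataclasses import dataclass, field

QUORUM = 2 / 3  # assumed supermajority threshold, for illustration only


@dataclass
class Ledger:
    """Governance-token balances plus one snapshot per mined block."""
    balances: dict = field(default_factory=dict)
    block: int = 0
    history: dict = field(default_factory=dict)  # block number -> balances copy

    def mine(self):
        # Record end-of-block balances, then move on to the next block.
        self.history[self.block] = dict(self.balances)
        self.block += 1

    def credit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def share_now(self, who):
        total = sum(self.balances.values())
        return self.balances.get(who, 0) / total if total else 0.0

    def share_at(self, who, block):
        snap = self.history[block]
        total = sum(snap.values())
        return snap.get(who, 0) / total if total else 0.0


def vote_passes(ledger, voter, snapshot_block=None):
    """Weak form reads the live balance; hardened form reads a past snapshot."""
    if snapshot_block is None:
        return ledger.share_now(voter) >= QUORUM
    return ledger.share_at(voter, snapshot_block) >= QUORUM


def simulate(use_snapshot):
    ledger = Ledger()
    ledger.credit("holders", 1_000)       # constructed long-term holders
    ledger.mine()                         # block 0 recorded: borrower holds nothing
    snapshot_block = ledger.block - 1     # proposal pinned to the earlier block
    ledger.credit("borrower", 9_000)      # weight borrowed inside one transaction
    passed = vote_passes(ledger, "borrower", snapshot_block if use_snapshot else None)
    ledger.credit("borrower", -9_000)     # loan repaid before the transaction ends
    return passed
```

With live balances the borrowed weight clears the threshold; with the snapshot it counts for nothing, because the tokens were not held when the snapshot was taken.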
Loss caused due to exploit
According to the details, the funds were transferred to an Ethereum wallet. The firm has conducted a postmortem of the system to learn how it was scammed. Security firm Omniscia conducted the whole process and will work on the details of what can be done further. Various other incidents of the same nature need investigation, among them the Axie Infinity scam, which caused a loss of $625 million.
There is no news about whether the funds will be reimbursed to users. The attacker(s) seem to be sympathetic to Ukraine, as they also donated $0.25 million to the Ukraine Relief Wallet. The event has raised questions about the reliability of the protocol. Various community members said that the leaders should be held accountable for what happened.
Conclusion
The Beanstalk Farms incident has alarmed stablecoin investors because of the threats they could face. On Sunday, 17 March, the scam swindled this protocol of $80 million initially and $182 million in total. The team is investigating the details of what happened and will update the community on Discord accordingly.