During the Easter weekend, an anonymous attacker hacked Beanstalk Farms' reserves and stole $182 million worth of cryptocurrency. The hacker used a flash loan to gain enough voting rights to transfer the money away in a matter of seconds.
Blockchain analytics company PeckShield only noticed the attack on Sunday morning, estimating the hacker's total profit at $80 million of the $182 million total, not considering the loans he took out to hack the system.
By Sunday afternoon, Beanstalk had acknowledged the attack in a tweet, stating that "The Beanstalk Farms team is investigating the attack and will make an announcement to the community as soon as possible."
Beanstalk Farms is a DeFi project that manages the supply and demand of different cryptocurrencies. It functions through an Ethereum-based algorithmic stablecoin, where holders earn rewards by participating in a common funding pool that balances the value of one token, known as a "Bean," at around $1.
Publius, the development team behind Beanstalk, designed a governance system in which participants vote on code changes, with voting rights proportionate to the number of tokens they hold.
The attack was made possible by the use of a flash loan, a DeFi product that allows borrowing money for a short amount of time (minutes or even seconds). After receiving the loan, the hacker exchanged it for enough "Beans" to gain a majority stake. He then automatically received a code to transfer the funds back to his wallet.
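A simplified model of the mechanism described above, added here as an illustration (it is not Beanstalk's code; the `Governance` class, holder names, balances and the snapshot option are assumptions). It shows why voting weight read from live balances lets briefly borrowed tokens carry a vote, while weight read from balances recorded when the proposal opened does not.

```python
# Constructed toy model: names and numbers are illustrative, not Beanstalk's contracts.
class Governance:
    def __init__(self, balances, use_snapshot):
        self.balances = dict(balances)   # live token balances
        self.use_snapshot = use_snapshot
        self.snapshot = None             # balances frozen when a proposal opens
        self.votes_for = 0

    def open_proposal(self):
        self.snapshot = dict(self.balances)
        self.votes_for = 0

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def vote(self, voter):
        # Weak design: weight = balance right now (can be borrowed).
        # Hardened design: weight = balance recorded before the loan existed.
        source = self.snapshot if self.use_snapshot else self.balances
        self.votes_for += source.get(voter, 0)

    def passes(self):
        # Simple majority of total supply, matching the "majority stake" in the text.
        return self.votes_for / sum(self.balances.values()) > 0.5


def flash_loan_vote(gov, lender, borrower, amount):
    """Borrow, vote and repay inside one simulated transaction."""
    gov.transfer(lender, borrower, amount)   # loan arrives
    gov.vote(borrower)                       # voting weight is read here
    passed = gov.passes()
    gov.transfer(borrower, lender, amount)   # loan repaid before the transaction ends
    return passed, gov.balances[borrower]    # (did the vote pass, tokens still held)


def run(use_snapshot):
    # Constructed holdings: the lending pool holds most of the supply.
    holders = {"pool": 800, "alice": 120, "bob": 80, "borrower": 0}
    gov = Governance(holders, use_snapshot)
    gov.open_proposal()
    return flash_loan_vote(gov, "pool", "borrower", 800)


if __name__ == "__main__":
    print("live balances:", run(use_snapshot=False))
    print("snapshot     :", run(use_snapshot=True))
```

In both runs the borrower ends the transaction holding no tokens; only the live-balance design lets the vote pass.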
Crypto expert Stephen Diehl stated:
"It's possible for someone to basically buy up all the shares in the organisation. In the normal corporate world this would be illegal because it's embezzlement and self-dealing. However, with a DAO [decentralised autonomous organisation], it basically exists outside of any regulatory perimeter – so basically anything goes and the code dictates everything. It's technically 'legal' in some sense, but it's a very grey area."