Beanstalk, a decentralized credit-based stablecoin protocol, fell victim to a flash-loan attack over the weekend that saw the protocol exploited for USD 182m worth of crypto. However, the attacker managed to cash out 'only' USD 80m.
According to blockchain security firm PeckShield, the attacker ran away with ETH 24,830 and the protocol's stablecoin BEAN 36m, among others.
After swapping, BEAN lost its dollar peg, which could explain why the attacker netted much lower.
At 7:20 UTC on Monday morning, the 787th coin by market capitalization, BEAN, is trading at USD 0.298, down by 70.5% over the past 24 hours, hence more than 70% in a week, which is a far cry from its target peg of USD 1.
Per PeckShield alerts account, the stolen USD 80m has been laundered via the coin mixing tool Tornado Cash.
The address marked as the "Beanstalk Flashloan Exploiter" currently holds only USD 238.54 worth of ETH.
In a Sunday post, Publius, an admin of Beanstalk's Discord server, detailed that the hack happened after the attacker took out a flash loan from decentralized finance (DeFi) lending protocol Aave and accumulated a large amount of Beanstalk’s native governance token, Stalk.
After gaining a Stalk position of more than 67%, the attacker was able to pass a malicious governance proposal that transferred all assets in the Beanstalk contract to their wallet.
"Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the [improvement proposal]," they added. "This was the fault that allowed the hacker to exploit Beanstalk."
Meanwhile, in a Discord meeting earlier today, the developers reportedly doxxed themselves.
Similarly, in a recent announcement on Discord, the developers revealed their
Read more on cryptonews.com