The $180+ Million Beanstalk Flash-Loan Crypto Hack, Explained

Stablecoin protocol Beanstalk Farms has fallen victim to a hack that has cost it at least $180 million. Will the dApp get the funds back?

By Rachel Curry

Apr. 18 2022, Published 11:29 a.m. ET

A crypto hack targeted Beanstalk Farms on April 17, causing the Ethereum-based dApp (decentralized app) to lose roughly $180 million. The hacker reportedly made off with nearly half of that amount, and the Beanstalk protocol continues to investigate what went down.

For now, it’s unclear whether Beanstalk—a stablecoin protocol—will get the funds from the crypto hack back. In the meantime, it’s enlisting anyone’s help, in true decentralized spirit.

What happened in the Beanstalk crypto hack?

[Image: Beanstalk co-founder and CTO Jack Ross. Source: LinkedIn]

Ethereum-based Beanstalk Farms cryptocurrency BEAN is a USD-pegged stablecoin that operates as an ERC-20 token. Co-founded by brothers Mike and Jack Ross in 2017, the protocol uses a decentralized credit facility, governance model, and price oracle.

A hacker was able to pass through Beanstalk’s decentralized governance mechanism and make off with several types of crypto tokens (including BEAN), amounting to about $182 million. The hacker reportedly made off with $80 million of that using flash loans of Beanstalk’s native governance token, STALK, sent through decentralized lending platform Aave. By passing governance, the hacker could then take other tokens in the millions.

Beanstalk is crowdsourcing its next steps

Beanstalk Farms made it clear that it's “engaging all efforts to try to move forward.” Due to the egress of a large swath of tokens at the time of the attack, the value of USD-pegged BEAN plummeted temporarily.

About its next steps, Beanstalk says, “As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes [centralized exchanges]. If the exploiter is open to a discussion, we are as well.”

The centralized exchanges Beanstalk mentions are the means through which the hacker was able to withdraw the tokens for cash. Specifically, the hacker used Tornado Cash to take out all but 15,154 ETH, or the equivalent of about $44 million, on April 18. Interestingly, the hacker sent about $250,000 in USDC to a Ukraine crypto DAO (decentralized autonomous organization).

Crypto hack hits right as Beanstalk’s popularity takes off

On April 15, Beanstalk shared that it had achieved some major milestones. Namely, Beanstalk announced $150 million in TVL (total value locked, or the total of staked assets on the protocol), $130 million in liquidity, and a $95 million market cap for its BEAN token.

That all came crashing down with the hack. According to Beanstalk Farms, there’s no resolution yet—but that doesn’t mean there won’t be.

Regardless, the Beanstalk crypto hack goes to show that even stablecoins aren't without risk. When the security of the protocol is threatened, the value of a fiat-pegged token can still go kaput. This is especially true in the case of flash-loan attacks, which have plagued crypto assets such as Pancake Bunny, xToken, and C.R.E.A.M. Protocols should always use a flash-loan-resistant measure to increase the voting percentage required for flash-loan governance, but Beanstalk failed to do that.
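
A simplified model of the flash-loan governance risk described above, added here as an illustration and not code from Beanstalk or the original article: it compares counting a vote by live token balance with counting it by a balance snapshot taken before the proposal. The ledger, holder names, supply figures, and 2/3 threshold are assumptions, and the snapshot is shown as one example of a flash-loan-resistant measure.

```python
# Simplified model, constructed for illustration; names and the 2/3 threshold are assumptions.
SUPERMAJORITY = (2, 3)  # assumed: a voter needs >= 2/3 of total supply to pass a proposal

class GovToken:
    """Governance token ledger that checkpoints every balance change by block number."""
    def __init__(self):
        self.block = 0
        self.history = {}  # holder -> [(block, balance), ...] in chronological order

    def balance(self, holder):
        entries = self.history.get(holder)
        return entries[-1][1] if entries else 0

    def balance_at(self, holder, block):
        """Balance as of the end of `block` (last checkpoint at or before it)."""
        bal = 0
        for b, amount in self.history.get(holder, []):
            if b > block:
                break
            bal = amount
        return bal

    def credit(self, holder, delta):
        new = self.balance(holder) + delta
        if new < 0:
            raise ValueError("insufficient balance")
        self.history.setdefault(holder, []).append((self.block, new))

    def transfer(self, src, dst, amount):
        self.credit(src, -amount)
        self.credit(dst, amount)

def has_supermajority(weight, total):
    num, den = SUPERMAJORITY
    return weight * den >= total * num

def simulate():
    token, total = GovToken(), 1000
    token.credit("lending_pool", 800)       # block 0: liquidity anyone can borrow
    token.credit("long_term_holders", 200)
    token.block = 1                         # proposal submitted
    snapshot_block = token.block - 1        # voting power is fixed as of block 0
    token.block = 2                         # one transaction: borrow, vote, repay
    token.transfer("lending_pool", "borrower", 800)
    live = has_supermajority(token.balance("borrower"), total)
    snap = has_supermajority(token.balance_at("borrower", snapshot_block), total)
    token.transfer("borrower", "lending_pool", 800)
    return {"live_balance_vote_passes": live, "snapshot_vote_passes": snap}

if __name__ == "__main__":
    print(simulate())
```

With live balances, tokens held for a single transaction carry the vote; with the snapshot, the borrowed tokens count for nothing because they were not held before the proposal existed.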

    © Copyright 2024 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.