ID: beanstalk-protocol-850
Date: April 17, 2022
Status: Verified
Incident Count: 1
REKT
Contributor: zerofriction.io
KYC By:
KYC: No
Audit By: Omniscia
Audits:
Loss Amount: 80,000,000
Recovered: -
Rewards:
Currency: USD, ETH

Beanstalk is a decentralized credit-based stablecoin protocol. It was exploited with a flash loan that took advantage of a weak governance design in the contract: voting power was determined by the number of tokens held in the voting account, so the attacker could pass a proposal that allowed the protocol's liquidity to be removed into a private Ethereum wallet. According to the post-mortem, the exploited code was not audited by the auditor. The stolen funds were converted into ETH and deposited into Tornado.Cash. It is very unlikely that the event was an inside job, because the developers self-doxxed (https://cryptonews.com/news/beanstalk-hacker-drains-usd-182m-from-project-but-nets-only-usd-80m.htm) and reported the incident to the FBI's IC3.

Beosin provided the breakdown of the event (https://medium.com/@Beosin_com/beosins-analysis-of-the-beanstalk-exploit-6c2f4900af87):

1. The hacker initiated a proposal one day before the attack; once passed, the proposal would withdraw funds from the Beanstalk: Beanstalk Protocol contract.

2. The hacker obtained 350,000,000 DAI, 500,000,000 USDC, 150,000,000 USDT, 32,100,950 BEAN and 11,643,065 LUSD as a reserve of funds through a flash loan.

3. Added the DAI, USDC and USDT from step 2 to the Curve.fi DAI/USDC/USDT trading pool, receiving 979,691,328 3Crv liquidity tokens, and swapped 15,000,000 3Crv for 15,251,318 LUSD.

4. Converted 964,691,328 3Crv tokens into 795,425,740 BEAN3CRV-f for voting, and added 32,100,950 BEAN and 26,894,383 LUSD as liquidity to get 58,924,887 BEANLUSD-f liquidity tokens.

5. The hacker used BEAN3CRV-f and BEANLUSD-f from step 4 to vote on the proposal, resulting in the proposal passing. Thus the Beanstalk: Beanstalk Protocol contract transferred 36,084,584 BEANs, 0.54 UNI-V2s, 874,663,982 BEAN3CRV-fs, and 60,562,844 BEANLUSD-fs to the contract deployed by the hacker.

6. Finally, the hacker removed liquidity and returned the flash loan, converted the profit into 24,830 ETH and transferred it to the hacker's address.
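To make the governance weakness concrete, the following added example (written for this page; it is not Beanstalk's code nor part of Beosin's analysis) simulates the pattern above against two toy governance models. In the weak model a vote is weighted by the voter's balance at the moment of voting and a passed proposal executes at once, so weight created from flash-loaned collateral inside a single block counts. In the hardened model weight and total supply are read from a snapshot taken at the block the proposal was created, and execution waits a timelock after quorum, so borrowed weight neither exists at the snapshot nor can be held across the delay. All account names, balances, the 10,000-token loan, the 2/3 quorum and the two-block timelock are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Chain:
    """Minimal block counter. A flash loan must be repaid (removed from
    open_loans) before the block advances; that constraint is what makes
    it a flash loan rather than ordinary borrowing."""
    block: int = 0
    open_loans: dict = field(default_factory=dict)

    def next_block(self) -> None:
        if self.open_loans:
            raise RuntimeError("flash loan not repaid within the block")
        self.block += 1


class GovToken:
    """Governance-weight token whose balances are recorded per block, so a
    proposal can be judged against who held what when it was created."""

    def __init__(self, chain: Chain, balances: dict) -> None:
        self.chain = chain
        self.balances = dict(balances)
        self.snapshots: dict = {}

    def snapshot(self) -> None:
        self.snapshots[self.chain.block] = dict(self.balances)

    def mint(self, who: str, amount: int) -> None:      # deposit collateral -> weight
        self.balances[who] = self.balances.get(who, 0) + amount

    def burn(self, who: str, amount: int) -> None:      # withdraw collateral
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[who] -= amount

    def balance_at(self, who: str, block: int) -> int:
        return self.snapshots[block].get(who, 0)

    def supply_at(self, block: int) -> int:
        return sum(self.snapshots[block].values())


@dataclass
class Proposal:
    target: str                         # account paid from the treasury if it passes
    created_block: int
    votes: int = 0
    passed_block: Optional[int] = None


class NaiveGovernance:
    """Weak design: weight = balance at vote time, execution is immediate."""
    QUORUM = (2, 3)                     # constructed supermajority: votes/supply >= 2/3

    def __init__(self, chain: Chain, token: GovToken, treasury: int) -> None:
        self.chain, self.token, self.treasury = chain, token, treasury
        self.payouts: dict = {}
        self.proposal: Optional[Proposal] = None

    def propose(self, target: str) -> None:
        self.proposal = Proposal(target, self.chain.block)

    def weight(self, voter: str) -> int:
        return self.token.balances.get(voter, 0)

    def supply(self) -> int:
        return sum(self.token.balances.values())

    def vote(self, voter: str) -> None:
        self.proposal.votes += self.weight(voter)

    def quorum_met(self) -> bool:
        num, den = self.QUORUM
        return self.proposal.votes * den >= self.supply() * num

    def ready(self) -> bool:
        return self.quorum_met()

    def execute(self) -> bool:
        if not self.ready():
            return False
        tgt = self.proposal.target
        self.payouts[tgt] = self.payouts.get(tgt, 0) + self.treasury
        self.treasury = 0
        return True


class SnapshotGovernance(NaiveGovernance):
    """Hardened design: weight and supply come from the snapshot at the
    proposal's creation block, and execution waits TIMELOCK blocks after
    quorum is first reached."""
    TIMELOCK = 2

    def weight(self, voter: str) -> int:
        return self.token.balance_at(voter, self.proposal.created_block)

    def supply(self) -> int:
        return self.token.supply_at(self.proposal.created_block)

    def ready(self) -> bool:
        p = self.proposal
        if p.passed_block is None and self.quorum_met():
            p.passed_block = self.chain.block
        return p.passed_block is not None and self.chain.block >= p.passed_block + self.TIMELOCK


def run_flash_loan_attack(gov_cls) -> int:
    """Replays the write-up's pattern against a governance model and returns
    how much treasury the attacker ends up with (constructed numbers)."""
    chain = Chain()
    token = GovToken(chain, {"alice": 600, "bob": 300, "attacker": 1})
    gov = gov_cls(chain, token, treasury=80_000)
    token.snapshot()                    # block 0: proposal submitted in advance
    gov.propose("attacker")
    chain.next_block()
    token.snapshot()                    # block 1: the single attack transaction
    borrowed = 10_000                   # flash-loaned collateral deposited for weight
    chain.open_loans["attacker"] = borrowed
    token.mint("attacker", borrowed)
    gov.vote("attacker")
    gov.execute()
    token.burn("attacker", borrowed)    # withdraw collateral and repay the loan
    chain.open_loans.pop("attacker")
    chain.next_block()                  # would raise if the loan were still open
    return gov.payouts.get("attacker", 0)


def run_honest_vote() -> tuple:
    """Shows the hardened model still passes a proposal backed by real holders:
    returns (executed in the voting block, executed after the timelock)."""
    chain = Chain()
    token = GovToken(chain, {"alice": 600, "bob": 300, "attacker": 1})
    gov = SnapshotGovernance(chain, token, treasury=80_000)
    token.snapshot()
    gov.propose("alice")
    chain.next_block()
    token.snapshot()
    gov.vote("alice")
    gov.vote("bob")
    immediate = gov.execute()           # quorum met, but timelock not elapsed
    for _ in range(SnapshotGovernance.TIMELOCK):
        chain.next_block()
        token.snapshot()
    return immediate, gov.execute()


if __name__ == "__main__":
    print("naive model, attacker payout:", run_flash_loan_attack(NaiveGovernance))
    print("snapshot+timelock model, attacker payout:", run_flash_loan_attack(SnapshotGovernance))
    print("honest vote (immediate, after timelock):", run_honest_vote())
```

The two defences do different jobs: the snapshot denies voting power to tokens that did not exist at proposal time (weight 1 of 901 instead of 10,001 of 10,901 in the simulation), while the timelock means that even a voter who somehow meets quorum must hold the position across blocks, which a loan repaid within the same block cannot do, and gives other holders time to see a passed proposal before it touches the treasury.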


DISCLAIMER: While web3rekt has used its best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of the information and data herein, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.