Home
News
- Beanstalk protocol upgrades were supported via the Beanstalk Improvement Proposal (BIP) governance process, and as a result, an upgrade might run arbitrary code, allowing the attacker to collect their locked cash as part of their malicious update.’ Omniscia penned the following.
- The culprit, according to Omniscia, was a flash-credit-prone governance issue, which allowed an attacker to propose and then implement a hostile governance proposal that effectively transferred all of the protocol’s assets to the attacker’s wallet.
- The organization announced the hack on Twitter on Sunday and is now looking for a solution. Beanstalk had recently passed a significant milestone, having generated $100 million in BEAN tokens.
Beanstalk Farms, dubbed a decentralized lending-based stablecoin platform, was hacked for around $180 million in paper losses on Sunday, the year’s final DeFi breach. This is the sixth largest log exploit on the rect leaderboard, and the second largest this year, following the gigantic Ronin Bridge attack in March. PeckShield, a security firm, was the first to break the story. The majority of the stolen money are ether, which the attacker rapidly put into the Tornado Cash privacy protocol to hide the origin of the tokens, similar to the Ronin hack.
Innovative System Of Financial Incentives
The organization announced the hack on Twitter on Sunday and is now looking for a solution. Beanstalk had recently passed a significant milestone, having generated $100 million in BEAN tokens. Beanstalk was designed to be pegged to the US dollar, but unlike stablecoins backed by fiat or crypto collateral, it used an innovative system of financial incentives to keep its peg, relying on loans rather than over-collateralization. Paper that is white in color.
The protocol was audited by blockchain security experts Omniscia, but the company indicated in a Post-Mortem Analysis that the production code affected by the vulnerability was not the same as what they had verified. During a live town meeting on Sunday, the developers refuted this claim.
ALSO READ – Silk Road Founder Ross Ulbricht To Forfeit $3 billion worth of BTC To The US Government
A Hostile Governance Proposal
We’re not in the business of throwing fingers, the lead developer explained, but we looked at the report they published and didn’t think it was a true description of what happened. The culprit, according to Omniscia, was a flash-credit-prone governance issue, which allowed an attacker to propose and then implement a hostile governance proposal that effectively transferred all of the protocol’s assets to the attacker’s wallet.
The trick was to employ a giant flash loan—borrowing large sums that had to be repaid in one transaction—instead of going through the normal governance proposal lifecycle. Using $1.04 billion in borrowed stablecoins, the attacker briefly gained a super-majority of the protocol’s voting privileges, allowing malicious code to be executed quickly. Beanstalk protocol upgrades were supported via the Beanstalk Improvement Proposal (BIP) governance process, and as a result, an upgrade might run arbitrary code, allowing the attacker to collect their locked cash as part of their malicious update.’ Omniscia penned the following.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.
