The hacker managed to launder most of it through Tornado Cash. However, $250,000 of the stolen funds got sent to an aid address based in Ukraine.
An Ethereum-based stablecoin protocol, Beanstalk went through a hacking attack on Sunday that extracted more than $180 million in various digital assets.
Blockchain security firm PeckShield first reported the hack via its Twitter account on Sunday. The attack got initially estimated to have extracted at least $80 million from the network. However, a later report from the firm highlighted that the total loss was $182 million.
Reports suggest that the attack came to effect using a quick loan, flash loan, and a malicious governance proposal.
What Could Have Happened?
According to decentralized finance (DeFi) auditor group BlockSec, the malicious attacker created two enhancement proposals for the network on April 16, specifically BIP-18 and BIP-19, to withdraw part of the Beanstalk funds and donate them to the Ukrainian government.
The presentation got followed by a quick lending attack that allowed the attacker to seize the majority of the votes in the Beanstalk government to pass the proposals.
According to Cointelegraph, the hacker acquired $1 billion in quick loans from the Aave protocol detected in the stable coins DAI, USDCoin (USDC), and Tether (USDT). It then used these currencies to collect enough assets to control 79% of the governance and pass its proposals.
A flash loan is an unsecured loan popular in DeFi that must get implemented and paid within a single block. While hackers have often used this tool to exploit security vulnerabilities in protocols, in the case of Beanstalk, the smart contracts and governance mechanism behaved as designed.
The Attacker Sent Money to Ukraine
The hack reportedly let the hacker control at least $80 million worth of ETH and BEAN, the protocol’s native stable coin. The rest of the lost funds were in the form of liquidity connected to STALK, the governance token of the protocol.
The market for BEAN, Beanstalk’s stable coin that keeps parity with the US dollar, crumbled down shortly after the attack happened. According to CoinGecko, the stable coin is down close to 90%, ultimately losing its attachment to the dollar.
The attacker followed through on the part of his initial proposal, as some $250,000 of the stolen funds would have been sent to a USDC aid address in Ukraine, PeckShield revealed. Meanwhile, much of the extracted currencies got laundered through Tornado Cash, a mixing protocol that allows private transactions.
The news arrived just weeks after another multi-million dollar hacking attack took effect. In March, the Ronin Network sidechain, headquarters to the renowned game Axie Infinity, suffered a hacking that made the platform lose at least USD 600 million or more.
Reports also suggested that the attackers migrated considerable funds to Tornado Cash. US authorities detected the North Korean hacker group called Lazarus, as more recently responsible for the attack.
By: Jenson Nuñez
