Thursday, November 21, 2024

Between April 16 and 17, an exploiter launched a series of malicious transactions targeting the Beanstalk Farms Ethereum-based decentralized stablecoin protocol. The exploiter stole various cryptoassets from the platform, including BEAN – the original stablecoin of the protocol. The attacker managed to obtain just under 25,000 Ether (ETH), which is worth $76 million. In total, the protocol is believed to have lost $182 million.

Investigations have shown that the exploiter used both a flash loan and a governance takeover to launch the exploit – two common DeFi attack vectors discussed in a recent Elliptic report: DeFi: Risk, Regulation and the Rise of Decriminalization.

The theft is believed to be one of the largest flash loan attacks to date in terms of the amount stolen.

How the exploitation took place

The attack began on April 16, when the exploiter bought 212,858.50 BEAN – the protocol’s native stablecoin – with an initial outlay of 73 ETH. The BEAN was then deposited into a “silo” – a protocol-specific term for a funding pool – where users deposit funds in exchange for rewards. Silo funds help maintain BEAN’s peg to $1.

The exploiter then submitted two “Bean Improvement Proposals” (BIPs) to change Beanstalk’s smart contract code. Proposals for code changes are common in DeFi, and their approval is subject to a democratic vote of protocol users. The BIPs – disguised as proposals to donate to Ukraine – were in fact malicious proposals to transfer protocol funds to the exploiter’s own wallet, and were already causing controversy among confused users before the theft.

After taking out flash loans of nearly $1 billion in assets, the exploiter deposited them into a silo to accumulate roughly 67% of the “stem position” – a protocol term for voting power. Under the rules of the BIP approval process, the exploiter could then single-handedly approve the malicious proposals to transfer funds to their wallet – 24 hours after they were originally proposed. The stolen BEAN and associated liquidity pool tokens were then converted into Ether (ETH).
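The governance weakness this sequence relies on, modelled as an added example in Python (constructed for this article, not Beanstalk’s contract code, with made-up stake amounts): if a proposal’s vote weight is read from current deposit balances at execution time, stake borrowed and deposited in the same transaction decides the vote, whereas snapshotting voting power when the proposal is created removes the flash loan’s influence.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 2 / 3      # share of voting power needed to pass a proposal (assumed)
VOTING_DELAY = 24 * 3600   # seconds before a proposal may be executed (24 h, as above)


@dataclass
class Proposal:
    proposer: str
    created_at: int
    votes_for: float = 0.0
    snapshot: dict = field(default_factory=dict)  # voting power per address at creation


class Governance:
    """Toy governance model; snapshot_votes selects the hardened variant."""

    def __init__(self, snapshot_votes: bool):
        self.snapshot_votes = snapshot_votes
        self.deposits: dict = {}   # address -> deposited stake (= voting power)
        self.proposals: list = []

    def deposit(self, who: str, amount: float) -> None:
        self.deposits[who] = self.deposits.get(who, 0.0) + amount

    def propose(self, who: str, now: int) -> int:
        self.proposals.append(Proposal(who, now, snapshot=dict(self.deposits)))
        return len(self.proposals) - 1

    def _weights(self, pid: int) -> dict:
        # Vulnerable: live balances. Hardened: balances frozen at proposal time.
        return self.proposals[pid].snapshot if self.snapshot_votes else self.deposits

    def vote(self, pid: int, who: str) -> None:
        self.proposals[pid].votes_for += self._weights(pid).get(who, 0.0)

    def can_execute(self, pid: int, now: int) -> bool:
        p = self.proposals[pid]
        if now < p.created_at + VOTING_DELAY:
            return False
        return p.votes_for / sum(self._weights(pid).values()) >= SUPERMAJORITY


def flash_loan_takeover(snapshot_votes: bool) -> bool:
    """Replay the article's sequence with constructed numbers; True if the proposal passes."""
    gov = Governance(snapshot_votes)
    gov.deposit("honest", 1_000_000.0)       # existing depositors (constructed)
    gov.deposit("exploiter", 212_858.5)      # small initial stake, as on the page
    pid = gov.propose("exploiter", now=0)
    gov.deposit("exploiter", 2_500_000.0)    # 24 h later: flash-loaned stake, same tx
    gov.vote(pid, "exploiter")
    return gov.can_execute(pid, now=VOTING_DELAY)  # loan repayment not modelled
```

With live balances the exploiter holds about 73% of the weight and the proposal passes; with the snapshot they hold about 18% and it fails.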

Consequences

With most of its assets depleted, the protocol lost more than $182 million in value. The exploit also crashed the price of BEAN from $1 to $0.1. The attacker was therefore only able to convert $76 million worth of assets into ETH. Almost all of these funds were sent through the popular Ethereum-based smart contract mixer Tornado Cash, while $250,000 in USDC was unexpectedly donated to the Crypto Fund of Ukraine.

Although the project’s code had been reviewed, the recent updates to the code targeted by the exploit had not been, which allowed the core flash loan vulnerability to go unnoticed.

Beanstalk Farms – which has since revealed the identity of its Publius development team following conspiracy theories about alleged insider involvement – reached out to the exploiter with an on-chain bug bounty offer.

(Image: the on-chain message that Beanstalk Farms sent to the exploiter.)

The protocol has also announced a strategy for recovering from the exploit and has promised to continue the project. The exploiter – reported to the FBI by the Beanstalk developers – did not respond to the 10% bug bounty offer.

How we can help

Elliptic has flagged the exploiter’s address in its systems as a matter of urgency and continues to actively monitor the DeFi space for further exploits. This ensures that our clients are aware of any potential extortion attempts by exploiters.

You can learn more about our cryptoasset compliance solutions or contact us for a demo.
