Hackers managed to drain a total of $182 million from the decentralized finance (DeFi) protocol Beanstalk by using a crypto loan to change the governance structure and siphon the funds.

Beanstalk is a protocol that seeks to provide liquidity to multiple cryptocurrencies through a pool of capital from investors who are compensated for risking their assets.

The hackers reportedly took a flash loan of around $1 billion in crypto from the Aave (AAVE) lending protocol and exchanged the assets for BEAN to secure enough voting rights to change the code and execute the transfer of the funds.

Flash loans are credit lines typically used by high-frequency traders to execute large transactions with digital assets that can produce some residual profit.

According to blockchain analytics firms, the whole operation was completed in around 13 seconds and produced a profit of approximately $80 million for the hackers.

Beanstalk Discusses Its Path Forward with the Community

The development team behind Beanstalk, a group called Publius, first tweeted about the incident on 17 April and initially stated that they were “investigating the attack” before making an announcement.

Yesterday, they published a blog post explaining what happened. According to the team, a total of $76 million was stolen from non-Beanstalk user assets. Publius confirmed that a flash loan was used to perpetrate the attack, and they stated that they burned the tokens contained in the exploiter’s contract.

In an interesting turn of events, the development team made an offer to the hackers in which they would be compensated with a 10% “whitehat bounty” if they sent back 90% of the funds that were withdrawn from the protocol.

Beanstalk has been meeting with members of the crypto community and investors to outline a path forward for the protocol. According to their latest “town hall” meeting, these are the steps that the team plans to follow to restore trust and keep building:

  1. Securing the enduring success of Beanstalk’s economic model.
  2. Attracting sufficient capital to restart Beanstalk.
  3. Preserving as much of each Farmer’s Stalk, Seed and Pod positions as possible.
  4. Aligning new capital with previous Stalk and Pod holders.

US Authorities Warn About North Korean Cyber Criminals

The attack on Beanstalk is the latest in a series of hacks perpetrated against DeFi protocols and decentralized applications (dApps), including the prominent theft of over $600 million from Axie Infinity (AXS).

Just hours ago, the United States Cybersecurity & Infrastructure Security Agency (CISA) issued an alert concerning the activities of hacker groups sponsored by the North Korean government. These groups are targeting projects within the crypto space, including DeFi protocols, play-to-earn (P2E) platforms, institutional investors, and individual token holders.

According to CISA’s alerts, Lazarus – the name of the group of criminals who are reportedly behind the Axie Infinity incident and other prominent crypto cyber attacks – employs “spearphishing” techniques that target employees at firms within the blockchain industry to gain access to critical systems and sensitive information about the entities they work for.

These campaigns typically consist of messages that offer high-paying jobs within the industry, and their purpose is to entice the recipients to download malicious software.

“The activity described in this advisory involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems”, the CISA report stated.

It added: “The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps. These activities enable additional follow-on activities that initiate fraudulent blockchain transactions”.
