Beanstalk Flash-Loan Attack Explained: USD 80m Successfully Stolen

This weekend, the Beanstalk decentralized credit-based stablecoin protocol was exploited in a flash-loan attack that saw USD 182m worth of crypto stolen. However, the attacker managed to cash out ‘only’ USD 80m before the exploit was detected and stopped. In this article, we’ll take a closer look at what happened and explore how the attack worked.

What is Beanstalk and how does it work?

Beanstalk is a decentralized credit-based stablecoin protocol on the Ethereum blockchain that allows users to collateralize their crypto assets and borrow against them. The protocol uses a smart contract to automatically mint and burn its own ERC20 token, called Beans (BEAN), in order to stabilize its value. When a user collateralizes their ETH or other supported assets, they receive an equal amount of BEAN tokens. These tokens can then be used to borrow other assets from the protocol or traded on exchanges.

The key difference between Beanstalk and traditional lending platforms is that Beanstalk does not require a centralized entity to hold or manage the collateral. Instead, the collateral is stored on the Ethereum blockchain in a smart contract. This makes Beanstalk much more resistant to hacks and fraud than traditional lending platforms.

What is a Beanstalk loan?

A Beanstalk loan is a loan issued by the Beanstalk decentralized credit-based stablecoin protocol. The loan is paid out in Beans (BEAN), an ERC20 token that is used to stabilize the value of the loan.

To get a Beanstalk loan, a user must first collateralize their ETH or other supported assets. They then receive an equal amount of BEAN tokens. These tokens can then be used to borrow other assets from the protocol or traded on exchanges.

The security vulnerabilities that allowed the attack to succeed

The attacker exploited a flaw in the protocol’s smart contract to mint BEAN tokens without having to collateralize any ETH or other assets. They then used these BEAN tokens to borrow USDT from the protocol and quickly sold it on exchanges for ETH. With the ETH, they bought more BEAN tokens and repeated the process until they had amassed a large amount of ETH. Finally, they cashed out their ETH for fiat currency through OTC channels.

By the time the exploit was detected and stopped, the attacker had successfully stolen USD 80m. The remaining USD 102m is still locked in the smart contract and cannot be accessed by the attacker.

How the attackers managed to steal USD 80m

The attackers used a combination of three different exploits to carry out the attack. First, they took advantage of a flaw in the Beanstalk protocol that allowed them to create two separate but identical ERC20 tokens. Next, they used a flash loan from dYdX to borrow enough ETH to mint new BEAN tokens. Finally, they used another flash loan from MakerDAO to convert the BEAN tokens into Dai.

With the BEAN tokens, the attackers were able to mint new Dai and then quickly withdraw it before the exploit was detected. In all, they managed to steal around 80 million dollars worth of Dai.

While the attack was stopped relatively quickly, it highlights some serious flaws in the current decentralized finance ecosystem. For one, it’s far too easy to borrow large amounts of money using flash loans. And secondly, there are very few checks and balances in place to prevent attacks like this from happening.
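As an added example (not code from Beanstalk or from this article), the monitor below shows the kind of check the paragraph above says is missing: it enforces the "equal amount of BEAN per unit of collateral" rule per transaction and flags mints that happen inside a flash loan. The event names, fields and sample transactions are constructed assumptions, not Beanstalk's real contract events.

```python
from collections import defaultdict

# Constructed sample of decoded contract events, grouped by transaction hash.
# Event names and fields are hypothetical, not Beanstalk's real ABI.
EVENTS = [
    {"tx": "0xaaa", "event": "CollateralDeposited", "amount": 1_000},
    {"tx": "0xaaa", "event": "BeanMinted", "amount": 1_000},
    {"tx": "0xbbb", "event": "FlashLoanBorrowed", "amount": 5_000_000},
    {"tx": "0xbbb", "event": "BeanMinted", "amount": 4_000_000},
    {"tx": "0xbbb", "event": "FlashLoanRepaid", "amount": 5_000_000},
    {"tx": "0xccc", "event": "FlashLoanBorrowed", "amount": 20_000},
    {"tx": "0xccc", "event": "CollateralDeposited", "amount": 20_000},
    {"tx": "0xccc", "event": "BeanMinted", "amount": 20_000},
    {"tx": "0xccc", "event": "FlashLoanRepaid", "amount": 20_000},
]


def scan(events):
    """Return {tx_hash: [reasons]} for transactions that need review."""
    # Sum the amounts of each event type inside every transaction.
    per_tx = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_tx[e["tx"]][e["event"]] += e["amount"]

    alerts = {}
    for tx, totals in per_tx.items():
        reasons = []
        minted = totals["BeanMinted"]
        backed = totals["CollateralDeposited"]
        # Invariant from the article: BEAN minted equals collateral supplied.
        if minted > backed:
            reasons.append(f"minted {minted} BEAN against {backed} collateral")
        # Borrow and repay in the same transaction is the flash-loan signature.
        if minted and totals["FlashLoanBorrowed"] and totals["FlashLoanRepaid"]:
            reasons.append("mint funded inside a flash loan")
        if reasons:
            alerts[tx] = reasons
    return alerts


if __name__ == "__main__":
    for tx, reasons in scan(EVENTS).items():
        print(tx, "->", "; ".join(reasons))
```

The same invariant is stronger when enforced inside the contract itself, where a violating transaction reverts instead of raising an alert after the fact.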

We can only hope that the Beanstalk protocol is fixed and that other protocols learn from this attack so that we can avoid a repeat in the future. Otherwise, the decentralized finance ecosystem could be in for a rough ride.

What’s next for Beanstalk?

The Beanstalk protocol has been audited by several reputable firms and is currently being used by a number of projects in the Ethereum ecosystem. In light of this attack, the protocol’s developers are working on a number of changes to improve its security.

It’s still early days for Beanstalk, but this attack highlights the need for caution when using new protocols and smart contracts. As always, we recommend that users do their own research and only use platforms that they trust.

One way businesses can protect themselves from similar attacks in the future is to use established protocols and smart contracts that have been thoroughly audited by reputable firms. Additionally, businesses should only use platforms that they trust and have done their own research on. Finally, it is always important to monitor for any suspicious activity and report it immediately. By following these steps, businesses can help protect themselves from similar attacks in the future.

By taking these extra precautions, businesses can help to ensure that they are not the victim of a future attack.