Beanstalk Farms, the credit-based stablecoin protocol, has lost all of its $182 million collateral from a security breach caused by two sinister governance proposals and a flash loan attack.
It has been reported that the problem with the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, which were issued on Saturday by the exploiter, who asked for the protocol to donate funds to Ukraine.
However, those proposals had a malicious rider attached to them the ultimately created the sinkhole of funds from the protocol, according to smart contract auditor BlockSec. This latest security breach of decentralized finance (DeFi) protocol took place at 12:24 pm UTC.
The report said that at that time, the exploiter took out $1 billion in flash loans from the Aave (AAVE) protocol denominated in DAI (DAI), USD Coin (USDC), and Tether (USDT) stablecoins. They used these funds to accumulate enough assets to take over 67% of the protocol’s governance and approve their own proposals.
Beanstalk Farms stated:
“We’re engaging all efforts to try to move forward. As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well.”
Likewise, a flash loan must be executed and repaid within a single block and usually calls on several smart contracts to complete at once. Flash loans have been used in the past to perform hacks or security exploits of other protocols.
Beanstalk Farms is a decentralized algorithmic stablecoin issuing platform on Ethereum. This case was technically not a hack as the smart contracts and governance procedures functioned as designed.
Thus, a spokesperson said:
“It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing.”