Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government.
According to security firm PeckShield, a credit-focused, Ethereum-based stablecoin protocol known as Beanstalk is the latest target of cybercriminals. The DeFi protocol was exploited this Sunday in a flash-loan attack due to which Beanstalk lost around $182 million in crypto assets.
Resultantly, the market for Beanstalk’s stablecoin, BEAN, collapsed. As per CoinGecko, the token’s market went down by 86% from its $1 peg.
It is worth noting that the incident is the second massive nine-figure DeFi exploit reported in a month. In March, Ronin Blockchain of Axie Infinity was targeted, allegedly by North Korean hackers, causing a loss of $625 million.
How was the Attack Carried Out?
Regarding how the attack was carried out, Beanstalk referred to a post on its Discord server, noting that the exploiter utilized a combination of governance tokens obtained via a flash loan for creating a fake protocol improvement proposal.
The attacker used the proposal to gift funds stored in Beanstalk. When the attacker received voting power from the Stalk tokens, they could drain all protocol funds into their personal Ethereum wallet.