Crypto-asset project Beanstalk is the latest blockchain company to suffer a major hack, losing $182 million after a hacker drained the company's accounts. Beanstalk is a "credit-based stablecoin" that allows users to lend and borrow assets to make cryptocurrency more accessible.
Blockchain security and analytics firm Peckshield first brought news of the hack with a Sunday morning Twitter (NYSE: TWTR) thread outlining the details of the hack. According to the company, hackers were able to take advantage of Beanstalk's governance protocols that afforded users voting rights based on the number of tokens in their possession.
Using a "flash loan," a blockchain financial service that allows users to borrow crypto for brief periods, the hacker was able to gain a staggering 67% stake in Beanstalk. With this voting power, they authorized the implementation of code that would empty the project's crypto wallets and transfer the contents to their own.
After repaying the flash loan, the hacker transferred the stolen assets to Tornado Mixer to hide their footsteps. Tornado Mixer is an infamous tool that allows crypto holders to obscure the destinations of crypto assets by swapping tokens between random users. The tool has been used in several notable hacks, including the $196 million BitMart hack.
Given the lack of options for recourse and no government oversight in decentralized finance, the damage could be critically extensive to Beanstalk. In the project's Discord server, one of the developers commented rather bluntly, "We are fucked. This project has not had any venture backing, so it is highly unlikely there is any sort of bail out coming." Many users on the server noted losses of tens of thousands of dollars from the hack.
Unfortunately, Beanstalk's unique nature as a "lending and borrowing" based token might have contributed to the fatal damage. Without any form of stable currency to prop up the project, Beanstalk had been entirely reliant on crypto assets it could obtain itself and from community members.