Hackers strike again: $182 million exploit on Beanstalk

By I-HODL | A Crypto Journey | 17 Apr 2022

There's been another exploit today, this time on Ethereum-based stablecoin protocol, Beanstalk. Hackers have drained approximately $182 million in cryptocurrencies, causing the price of BEAN to crash. There's no holiday in the cryptoverse, and certainly no holiday for thieves. Let's discuss.

What is Beanstalk?

Beanstalk is an Ethereum-native stablecoin protocol which launched around August 2021. According to its whitepaper, Beanstalk (BEAN) was developed to address concerns about the centralization of major stablecoins and the collateral requirements that cap their market capitalization. The proposition was that BEAN "does not compromise on decentralization, does not require collateral, and trends toward more liquidity and stability." Here's a link published over on Medium in February outlining the team's six-month roadmap.

Vulnerabilities identified during audit

The Beanstalk protocol was audited at the end of March 2022 by Omniscia Audit, and a report was issued identifying vulnerabilities which, according to the auditors, included "a significant vulnerability in plot transfers as well as several potentially exploitable attack vectors."

In addition to these vulnerabilities, the auditors noted that discrepancies "between the whitepaper and the codebase around weather conditions as well as incentive times for BIPs" had also been detected. They were later satisfied that the Beanstalk team had adequately remediated their findings.

Hackers make off with close to $200 million

It appears, though, that not every vulnerability was detected during the audit or adequately addressed, because according to blockchain security and data analytics company PeckShield, Beanstalk was exploited in a flurry of transactions this morning, April 17th, 2022, which led to a protocol loss of approximately $182 million.

In a thread, the PeckShield team noted that the hack followed a flash-loan-assisted (immediate) pass of BIP18, which had been submitted one day earlier.

"The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund," the team said.
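To make the mechanism PeckShield describes concrete, here is a simplified governance contract written for this post (it is not Beanstalk's code and does not reproduce its governance) that illustrates the two safeguards which close that path: voting weight is read from a checkpoint taken before the proposal existed, so tokens borrowed in a flash loan inside the proposing transaction carry no weight, and a passed proposal must wait out a timelock before its call data is executed, so no single transaction can propose, vote and execute. The `IVotes` interface mirrors the two read functions of OpenZeppelin's `ERC20Votes`; the token address, voting period, quorum and delay are assumed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal checkpointed-voting-token interface. Mirrors getPastVotes() and
// getPastTotalSupply() from OpenZeppelin's IVotes; the token is assumed to exist.
interface IVotes {
    function getPastVotes(address account, uint256 blockNumber) external view returns (uint256);
    function getPastTotalSupply(uint256 blockNumber) external view returns (uint256);
}

// Example governor: snapshot-based vote weight plus a timelock before execution.
contract SnapshotTimelockGovernor {
    struct Proposal {
        address target;         // contract the proposal will call
        bytes callData;         // encoded call the proposal will make
        uint256 snapshotBlock;  // voting power is read at this block
        uint256 votingEnds;     // last block at which votes are accepted
        uint256 eta;            // earliest timestamp execute() is allowed (0 = not queued)
        uint256 forVotes;       // accumulated checkpointed weight in favour
        bool executed;
        mapping(address => bool) hasVoted;
    }

    IVotes public immutable token;
    uint256 public constant VOTING_PERIOD = 7200;     // assumed: roughly one day of blocks
    uint256 public constant TIMELOCK_DELAY = 2 days;  // assumed: minimum delay before execution
    uint256 public constant QUORUM_BPS = 5000;        // assumed: 50% of snapshot supply

    uint256 public proposalCount;
    mapping(uint256 => Proposal) private proposals;

    event Proposed(uint256 id, address target, uint256 snapshotBlock);
    event Queued(uint256 id, uint256 eta);
    event Executed(uint256 id);

    constructor(IVotes _token) {
        token = _token;
    }

    function propose(address target, bytes calldata callData) external returns (uint256 id) {
        id = ++proposalCount;
        Proposal storage p = proposals[id];
        p.target = target;
        p.callData = callData;
        // The snapshot is the previous block: balances acquired in this same
        // transaction (for example via a flash loan) are not yet checkpointed
        // there, so they contribute no voting weight to this proposal.
        p.snapshotBlock = block.number - 1;
        p.votingEnds = block.number + VOTING_PERIOD;
        emit Proposed(id, target, p.snapshotBlock);
    }

    function vote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number <= p.votingEnds, "voting closed");
        require(!p.hasVoted[msg.sender], "already voted");
        p.hasVoted[msg.sender] = true;
        // Weight comes from the checkpoint, never from the caller's live balance.
        p.forVotes += token.getPastVotes(msg.sender, p.snapshotBlock);
    }

    function queue(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number > p.votingEnds, "voting still open");
        require(p.eta == 0, "already queued");
        uint256 quorum = token.getPastTotalSupply(p.snapshotBlock) * QUORUM_BPS / 10000;
        require(p.forVotes >= quorum, "quorum not reached");
        // Queueing starts the timelock; execution cannot happen before eta.
        p.eta = block.timestamp + TIMELOCK_DELAY;
        emit Queued(id, p.eta);
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.eta != 0 && block.timestamp >= p.eta, "timelock not elapsed");
        require(!p.executed, "already executed");
        p.executed = true;
        (bool ok, ) = p.target.call(p.callData);
        require(ok, "proposal call failed");
        emit Executed(id);
    }
}
```

The two properties worth checking in any governance contract are visible here: `vote()` never reads `balanceOf(msg.sender)`, and `execute()` has no path that skips `queue()` and the delay. A governance design that reads live balances, or that offers an "emergency" commit which runs proposal code in the same transaction it was voted on, gives a flash loan exactly the window the thread above describes; the timelock also gives token holders and monitoring services time to react to a malicious proposal before it can touch funds.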

Here's the Etherscan link, which shows a full breakdown of the transactions.

According to U Today, approximately $30 million worth of the stolen crypto has already been moved through privacy mixer Tornado Cash.

Meanwhile, the team over at Beanstalk has acknowledged the loss and reached out to the DeFi community and experts in chain analytics for support in limiting the exploiter's ability to withdraw funds. An open message was also issued to the exploiter.

This is a developing story, so I'll bring you another update as soon as I can.

Until we meet again though, please remember to be safe. Arrivederci.
