Signed in as:
Signed in as:
We provide professional blockchain forensic investigations to track and uncover illicit funds.
We can support anyone who has been impacted by a financial fraud, scam or a rug pull
From DAOs to Governments and anything in between, we can investigate privately on behalf of another company
We're able to support communities impacted by rug pulls. We're able to fund investigations using a variety of methods
We will respond within 24 hrs
Beanstalk is a decentralised protocol that allows anyone to realise the value of an open, credit based stablecoin. The Beanstalk community of lenders, borrowers and savers secures a protocol-native stablecoin, Bean, with the goal of creating the world’s most accessible digital money system. By eliminating collateral requirements, Beanstalk aims to be the catalyst for a trustless solution to unlock the universal potential of decentralised finance.
Beanstalk, a decentralised credit based stablecoin protocol, was attacked at roughly 12:24pm UTC on April 17, resulting in a theft of ~$77M in non-Beanstalk user assets. The perpetrator used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled.
On the day of the attack, the Beanstalk contract on the Ethereum mainnet was exploited via a previously-unknown issue with Beanstalk’s governance process. The Beanstalk Farms team was immediately alerted and took action to temporarily shut off protocol governance and pause Beanstalk. Approximately $77M was stolen from the protocol’s liquidity pools. The team has since burned the remaining Beans in the exploiter contract.
The root cause of the flaw is that the BEAN3Crv-f and BEANLUSD-f (used for voting) in the Silo system could be created via flashloan. However, lacking anti-flashloan mechanism in the Beanstalk protocol, the attackers can borrow numerous tokens that are supported by the protocol and vote for malicious proposals.
In detail, to execute the proposal by “emergencyCommit()”, the attacker needs to bypass the following checks: CV1
As the BIP18 proposal was created one day ago, validation one will be bypassed. By flashloan, the BIP18 proposal gained more than 78% of the vote, which is more than 67%.
Launch attack to execute BIP18: https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7
Attacker address: https://etherscan.io/address/0x1c5dcdd006ea78a7e4783f9e6021c32935a10fb4
Malicious Proposal: https://etherscan.io/address/0xe5ecf73603d98a0128f05ed30506ac7a663dbb69