Using Flash Loans for Malicious Voting, Hackers Drained Over $100 Million in Assets from Beanstalk
Author: Jasmine, Hive Tech
At around 10:00 PM Beijing time on April 17, the decentralized stablecoin protocol Beanstalk disclosed that it had "suffered an attack." According to information disclosed by several blockchain security firms, the protocol was hit by a flash loan attack that drained over $100 million in crypto assets, with the attacker profiting nearly $80 million.
Following the attack, the total value locked (TVL) of Beanstalk's crypto assets dropped to zero, and the stablecoin BEAN, which was originally pegged to $1, plummeted to as low as $0.063.
Beanstalk later explained in its Discord community that the attacker used a flash loan from the lending platform Aave to temporarily acquire a large amount of the protocol's governance token STALK; with that STALK, the attacker passed a "malicious governance proposal" in a single step, which transferred all funds held by the protocol to the attacker. Analyses from other blockchain security firms corroborate this account.
Beanstalk has not publicly responded on how to recover the losses.
Attacker Utilized Flash Loan for Malicious Proposal
According to DefiLlama data, on April 16 the crypto assets locked in the Beanstalk protocol were still worth $32 million; a day later the attack had driven that figure, the TVL, to zero.
Beanstalk, launched on Ethereum in August 2021, is a decentralized stablecoin protocol that issues a dollar-pegged stablecoin called BEAN. The protocol describes itself as a stablecoin issuer built on credit rather than collateral, maintaining BEAN's peg to the dollar through a decentralized credit facility named the "Field." The protocol also issues a governance token, STALK, which depositors earn by placing assets in the protocol; it is STALK that carries the voting power the attacker needed.
BEAN Severely Depegged in 13 Minutes
Beanstalk disclosed the time of the attack on Twitter as around 10:30 PM on April 17, but based on the depegging time of the stablecoin BEAN supported by the protocol, the trouble began after 8:39 PM that evening. Data from Coingecko shows that at 8:39 PM, BEAN, originally pegged to $1, began to decline, and 13 minutes later, it dropped to $0.2, a decrease of 80%. That night, BEAN fell to as low as $0.063, with a maximum drop of 93.7%.
Multiple security firms confirmed through analysis that Beanstalk was subjected to a flash loan attack. Blockchain security firm PeckShield tracked the data from this attack, stating that the attacker stole at least $80 million in cryptocurrency. Additionally, security firm CertiK disclosed that the flash loan attack drained approximately $100 million in crypto assets from Beanstalk.
In its Discord summary, Beanstalk said the attacker took a flash loan from the lending platform Aave, deposited the borrowed liquidity into the protocol to obtain a large amount of the governance token STALK, and then used that STALK to pass a "malicious governance proposal" at once, which transferred the protocol's funds to the attacker.
On Twitter, Igor Igamberdiev, data research director at blockchain data analysis firm The Block, laid out the attack step by step. He said the attacker's funds came through the Synapse protocol bridge, and that the attacker first created a Beanstalk proposal numbered "BIP-18," claiming it would donate 250,000 BEAN to Ukraine. This proposal was the "malicious proposal" Beanstalk referred to, and it set the stage for the flash loan attack that followed.
Igor noted that the attacker then used a flash loan to obtain 350 million DAI, 500 million USDC and 150 million USDT from Aave, 32 million BEAN from Uniswap, and 11.6 million LUSD from SushiSwap (editor's note: DAI, USDC, USDT, BEAN, and LUSD are all dollar-pegged stablecoins). These funds were paired with BEAN to add liquidity to the Curve pool, which gave the attacker the votes to pass the BIP-18 proposal; once the proposal passed, all funds on the Beanstalk protocol were transferred to the attacker's address.
"In the next step, the attacker withdrew the liquidity, repaid the flash loan, and converted all the funds received into 24,800 WETH (about $76 million), which were then sent to the mixer Tornado Cash," Igor stated.
Flash Loan Attacks and Exploits Are the Most Common Threats to DeFi
After the Beanstalk attack, blockchain security firm CertiK also said on Twitter that the root cause was that the voting power in the Beanstalk system could be assembled with flash-loaned funds: with no anti-flash-loan mechanism in place, the attacker could borrow tokens the protocol accepts and pass the malicious proposal by vote.
In a post-incident summary on Discord, Beanstalk also admitted that the protocol "did not use anti-flash loan measures to determine the percentage of STALK supporting the voting for BIP," which was the vulnerability the hacker exploited.
Flash loans are a type of uncollateralized loan unique to blockchains: the borrowing and the repayment must both happen within a single transaction, and if the loan is not repaid by the end of that transaction the whole transaction reverts as if it had never happened, so the lender takes on no credit risk. Crypto users commonly take them out for arbitrage, collateral swaps, or to save on transaction fees.
However, the same mechanism has repeatedly been turned into a weapon, in what are collectively called "flash loan attacks." Most of these have exploited DeFi's reliance on price oracles; as blockchain data service firm Chainalysis put it, "Safe but slow oracles are easily exploited for arbitrage; fast but unsafe oracles are easily manipulated for price."
Public records show that among the 60 DeFi attack incidents in 2020, at least 10 were due to flash loan attacks, with protocols such as bZx, Balancer, Harvest, and Akropolis having suffered flash loan attacks.
Flash loans have also been used to sway DeFi governance votes before: in 2020, a protocol named BProtocol obtained a large amount of MKR tokens through a flash loan and used the borrowed votes to push a MakerDAO governance poll through faster.
Entering 2022, exploits and flash loan attacks remain the most common threats in the DeFi space.
In April of this year, blockchain security firm Chengdu Chain Security released its "Security Research Quarterly Report," which found that DeFi projects remained the main target of hackers in the first quarter of 2022: of 19 security incidents, roughly 60% were in the DeFi sector, and by method, contract exploits (about 50% of attacks) and flash loans (24%) were the most common.
The Beanstalk incident shows that flash loan attacks are no longer limited to manipulating prices through oracles. Once a protocol's defenses fall short, its governance mechanism itself becomes an attack surface: voting power borrowed for the duration of a single transaction is enough to pass a proposal that undermines the protocol and drains users' assets.
In the early hours of April 18, Beanstalk called on Twitter, requesting assistance from the DeFi community and on-chain analysis experts to limit the attacker's ability to withdraw funds through centralized exchanges. As of the time of publication, the protocol had not provided a response on how to address user losses.