(Bloomberg) — Decentralized finance project Beanstalk Farms suffered one of the largest-ever flash-loan exploits on Sunday, sending its price tumbling.
The credit-focused, Ethereum-based stablecoin protocol suffered a total loss of around $182 million and the attacker got away with around $80 million of crypto tokens, according to blockchain security firm PeckShield, which had flagged the incident on Twitter. The project’s native token BEAN fell about 75% from its $1 peg against the dollar, pricing from CoinGecko showed.
The protocol’s creators disclosed their identities on Beanstalk’s Discord server, and said that they were not involved in the attack.
“We are not aware of the identity of the individuals who were involved. Like all other investors in Beanstalk, we lost all of our deposited assets in the Silo, which was substantial,” the founders wrote.
It isn’t yet clear whether investors who lost funds will be reimbursed — or if so, how and to what extent. Beanstalk didn’t reply to an email from Bloomberg seeking comment.
Unlike traditional lending, which requires a loan to be secured with a collateral or credit checks, DeFi smart contracts allow users to borrow huge sums of stablecoins in what are known as flash loans, without any form of security. Flash loans, where the entire process of borrowing and returning the loan happens in a single transaction on the blockchain, are fairly popular among arbitrage traders.
Flash loans have also turned out to be a soft target for exploits, as any lapse in a smart contract code lets an attacker manipulate the protocol and drain millions. Last year Cream Finance and Alpha Homora lost $130 million and $37 million, respectively, in the same manner.
According to PeckShield, the hacker has already moved the entire $80 million onto crypto asset mixing service Tornado Cash to hide their tracks. The perpetrator also donated $250,000 in stablecoin USDC to Ukraine.
More stories like this are available on bloomberg.com
©2022 Bloomberg L.P.