As the cryptocurrency market develops and grows, the more enticing its participants become to hackers. In the latest instance of a major attack on a decentralized finance (DeFi) platform, Ethereum-based stablecoin protocol Beanstalk Farms has suffered a staggering loss of funds.
Specifically, the platform had lost a total of around $182 million, while the attacker took around $80 million of crypto tokens, stated PeckShield, the blockchain security company which flagged the attack on Twitter, as Bloomberg reported on April 18.
According to PeckShield, the attacker has already managed to cover their tracks by moving the $80 million to cryptocurrency mixing service Tornado Cash. They also directed $250,000 in USD Coin (USDC) to Ukraine.
Meanwhile, the founders of Beanstalk Farms have made their identities known on the platform’s Discord server, denying any involvement in the incident or knowledge of its perpetrators:
“We are not aware of the identity of the individuals who were involved. Like all other investors in Beanstalk, we lost all of our deposited assets in the Silo, which was substantial.”
That said, they are yet to comment on whether the lost funds will be returned to their owners and how. What they did say was that:
What are flash loans and why are their exploits so rampant?
Flash loans are a popular feature of protocols such as Beanstalk, as they allow users to borrow large amounts of assets without collateral and give it back (with interest) within the same transaction as obtained, and within a very short period.
However, such a function has proven to be one of the favorite targets by hackers, as the tiniest error in code allows them to manipulate the smart contract and get away with enormous sums. Such errors have opened the door for exploits like the one against Alpha Homora and Cream Finance.
Elsewhere, cryptocurrency trading platform Currency.com announced it had prevented a major cyberattack last week after suspending its activities in Russia. According to the platform, the ‘distributed denial of service’ (DDoS) attack was ineffective and all of its servers, cybersecurity systems, and customer data were not compromised.