Threat Management, Threat Management, Application security, Security Architecture

Concerns raised for DeFi platforms after attack causes Beanstalk to lose $182 million

ETHDenver sponsors are listed on a banner on Feb. 18, 2022, in Denver. (Photo by Michael Ciaglo/Getty Images)

Just as Jack climbed the beanstalk in the popular fairy tale, so too have bad actors achieved access to the decentralized (DeFi) credit platform known as Beanstalk, according to reports earlier this week.

The attack reportedly caused Beanstalk to lose $182 million — but the reverberations of this hit on a DeFi system have pointed to concerns which could affect the whole market.

“This attack is undoubtedly a sign of things to come,” said James McQuiggan, security awareness advocate at KnowBe4, a cybersecurity awareness and support company. “Cybercriminals continue to target organizations with money. Large bank corporations have worked to implement strong security cultures to significantly reduce the risk of an attack and successful breach.”

While hacktivism and other non-theft drivers remain a motivation for many of these intrusions, it is cyber theft which drives many of these hackers and syndicates.

“DeFi platforms operating with the ‘code is law' mantra, smart contracts are built using the same logic as any other computer program and, therefore, suffer the same risk of mistakes or errors introduced that can be exploited by bad actors," said Chris Clements, vice president of solutions architecture at Cerberus Sentinel.

The recent Beanstalk breach allowed the attackers to steal $80 million in cryptocurrency, with the company’s losses tallying in at more than twice that amount, also due in part to the devalution of the firm’s BEAN stablecoin. (Beanstalk’s cryptocurrency dropped from roughly a bit more than $1 to just 11 cents when the attack was reported.)

How decentralized financial systems create openings for attack

In another malicious move, the bad actor reportedly used its stolen, but large, position in Beanstalk’s crypto network to push through at least one self-serving proposal.

Jim Ducharme, COO at Outseer, the Massachusetts-based payment verification company that was spun out of RSA Security last summer, said that DeFi systems like Beanstalk are “still relatively new, and act as an enticing opportunity for hackers to take advantage of its emerging security protocols.”

“Although a decentralized financial system sounds appealing to many, storing such sensitive information across a wide network of ledgers creates more openings for hackers to slip in undetected and steal large sums of money in the blink of an eye," Ducharme said.

In this case, an attacker utilizing a "flash loan," wherein significant amounts of cryptocurrency were borrowed and paid back in a single transaction with no collateral, then the borrowed coins were taken to buy a controlling stake in the Beanstalk platform, while also transferring assets to themselves, according to Clements.

“For shockingly little cost or [effort],” he said, “the attacker was able to net a nearly $200 million payday.”

Indeed, the cyber thieves reportedly stole crypto assets from Beanstalk through a “malicious proposal,” according to a post-mortem review by Omniscia, which audits and reviews smart contracts and blockchains. Hackers were able to conduct a so-called “flash-loan attack,” exploiting a flaw in one of Beanstalk’s new protocols, according to the cyber auditor, and permitting these bad actors to move funds to their own Ethereum wallet.

A flash loan allows users to borrow a large amount of stablecoins from other traders without providing collateral, so approving this unsecured loan happens in a single transaction virtually instantly on the blockchain. Some hackers have identified vulnerabilities in various DeFi platforms that are exploitable within a short time, performing malicious actions right after the approval of a flash loan.

For the moment, DeFi systems like Beanstalk are still relatively new and act as an “enticing opportunity for hackers to take advantage of their emerging security protocols,” Ducharme said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.