PeckShield flagged an attack on Beanstalk Farms, an Ethereum-based stablecoin protocol. The attacker is estimated to have netted over $80MM in cryptocurrency, while the protocol's total losses from the exploit are put at over $180MM. Afterwards, the protocol's stablecoin plummeted from its $1 peg.
“According to Beanstalk’s summary of the event, the attacker was able to exploit a failure to implement flash loan resistance measures, allowing the attacker to take out a flash loan in order to attain a significant amount of Stalk, the governing token of Beanstalk. That allowed the attacker to utilize the voting rights of the Stalk to propose a governance proposal which flushed the protocol funds. These kinds of exploits… they’re just entirely avoidable with the right security and audits in place,” said Richard Gardner, CEO of Modulus, a US-based developer of ultra-high-performance trading and surveillance technology that powers global equities, derivatives, and digital asset exchanges.
The company’s summary said, in part, “Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk.”
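To make the failure the summary describes concrete, here is an added illustration of the governance pattern beside a hardened form. This is example code written for this page; it is not Beanstalk's code, nor Modulus' or PeckShield's, and the contract names, the `IVotes` interface (modelled on the `getPastVotes` shape of OpenZeppelin's ERC20Votes), the two-thirds threshold and the 7200-block delay are illustrative assumptions. The vulnerable contract weighs a vote by the caller's current token balance and lets vote and execution run in one transaction, which is exactly what a flash loan needs; the hardened one reads voting power from a checkpoint taken the block before the proposal was created and time-locks execution.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative interfaces (assumptions for this example, not Beanstalk's code).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function totalSupply() external view returns (uint256);
}

// Checkpointed token: voting power and supply as of a past block. This is the
// shape of OpenZeppelin's ERC20Votes; the token contract itself is assumed here.
interface IVotes {
    function getPastVotes(address account, uint256 blockNumber) external view returns (uint256);
    function getPastTotalSupply(uint256 blockNumber) external view returns (uint256);
}

/// VULNERABLE PATTERN: vote weight is the caller's *current* balance and the
/// proposal can be executed in the same transaction as the vote. An attacker
/// can flash-loan tokens, call vote() then execute(), and repay the loan, all
/// in one transaction, so a "supermajority" costs only the loan fee.
contract FlashLoanableGovernance {
    IERC20 public immutable token;
    uint256 public constant SUPERMAJORITY_BPS = 6667; // two thirds, in basis points

    struct Proposal { address target; bytes data; uint256 votesFor; bool executed; }
    Proposal[] public proposals;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    constructor(IERC20 _token) { token = _token; }

    function propose(address target, bytes calldata data) external returns (uint256 id) {
        proposals.push(Proposal(target, data, 0, false));
        return proposals.length - 1;
    }

    function vote(uint256 id) external {
        require(!hasVoted[id][msg.sender], "already voted");
        hasVoted[id][msg.sender] = true;
        // BUG: weight is whatever the caller holds right now, borrowed tokens included.
        proposals[id].votesFor += token.balanceOf(msg.sender);
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        // BUG: no delay between vote and execution, so both fit inside the
        // flash loan's transaction and nobody else gets a chance to react.
        require(p.votesFor * 10_000 >= token.totalSupply() * SUPERMAJORITY_BPS, "no supermajority");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "call failed");
    }
}

/// HARDENED PATTERN: weight is read from a checkpoint taken the block *before*
/// the proposal was created. A flash loan is borrowed and repaid inside one
/// transaction, so at that block the attacker held nothing and gets zero weight.
/// Execution is also time-locked so token holders can see a malicious proposal.
contract SnapshotGovernance {
    IVotes public immutable token;
    uint256 public constant SUPERMAJORITY_BPS = 6667;
    uint256 public constant EXECUTION_DELAY_BLOCKS = 7200; // roughly one day (assumed)

    struct Proposal {
        address target; bytes data;
        uint256 snapshotBlock;      // voting power and supply are read as of this block
        uint256 earliestExecution;  // first block at which execute() may run
        uint256 votesFor; bool executed;
    }
    Proposal[] public proposals;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    constructor(IVotes _token) { token = _token; }

    function propose(address target, bytes calldata data) external returns (uint256 id) {
        uint256 snapshot = block.number - 1; // already mined, so checkpoints are final
        proposals.push(Proposal(target, data, snapshot, block.number + EXECUTION_DELAY_BLOCKS, 0, false));
        return proposals.length - 1;
    }

    function vote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!hasVoted[id][msg.sender], "already voted");
        hasVoted[id][msg.sender] = true;
        // Weight is fixed at the snapshot: tokens acquired after it do not count.
        uint256 weight = token.getPastVotes(msg.sender, p.snapshotBlock);
        require(weight > 0, "no voting power at snapshot");
        p.votesFor += weight;
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        require(block.number >= p.earliestExecution, "timelock not expired");
        // The denominator is read at the same snapshot so it cannot be gamed either.
        uint256 supply = token.getPastTotalSupply(p.snapshotBlock);
        require(p.votesFor * 10_000 >= supply * SUPERMAJORITY_BPS, "no supermajority");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "call failed");
    }
}
```

The snapshot is what defeats the flash loan specifically: the borrowed tokens never exist in the attacker's balance at any finalized block, so a past-block checkpoint reports zero. It does not stop an attacker who can afford to buy or borrow tokens and hold them across blocks; the timelock is the control that gives the rest of the community a window to notice and respond to such a proposal, and a production governor should apply both.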
“It is important that audits are done regularly, especially as changes are made, which might allow for additional vulnerabilities. Like in this case, where the company underwent an audit on its smart contracts, but not since the flash loan vulnerability was introduced. Security isn’t a one-and-done thing. Security in the digital assets space must be an ongoing pursuit,” said Gardner.
“One item of interest, beyond solely the hack in question, is that it looks like the attacker sent a small chunk of the proceeds of the exploit to a wallet for Ukrainian relief efforts. At this point, it hasn’t been identified if the attack is related to a particular ideology, nor is it certain that a donation of roughly $250,000 is indicative of anything ideological at all, considering that’s dwarfed by the total value of the attack. However, it is definitely worth noting,” said Gardner.
Modulus is known throughout the financial technology segment as a leader in the development of ultra-high frequency trading systems and blockchain technologies. Modulus has provided its exchange solution to some of the industry’s most profitable digital asset exchanges, including a well-known multi-billion-dollar cryptocurrency exchange. Over the past twenty years, the company has built technology for the world’s most notable institutions, with a client list which includes NASA, NASDAQ, Goldman Sachs, Merrill Lynch, JP Morgan Chase, Bank of America, Barclays, Siemens, Shell, Yahoo!, Microsoft, Cornell University, and the University of Chicago.
“Given the geopolitical conflict that is going on around the world, now more than ever, the industry should be on high alert, buttoning up any faults that may exist. Especially after the United States linked the North Korean Lazarus Group to the previous major crypto hack, it should be clear that it isn’t solely issues in Eastern Europe which should draw heightened awareness,” said Gardner.