Hackers have stolen $182 million from Ethereum-based stablecoin project Beanstalk Farms.
Stablecoins were invented to protect investors from the volatility of cryptocurrency prices, giving them a place to ‘shelter’ their investments without cashing out into fiat money such as dollars or pounds sterling.
Those such as Tether or USDC typically back their $1 peg with cash reserves – but Beanstalk took a different approach. It invited participants to invest tokens in return for a yield – buying ‘beans’ – while the higher the holding, the more say they would have in the governance of the project.
The hackers took out a flash loan to acquire enough voting rights to drain its reserves. According to analysis from smart contract auditor BlockSec on Twitter, they put forward a governance proposal requesting donations for Ukraine which contained a malicious smart contract.
Once the proposal passed, this transferred the funds into their control. The $1 peg dropped dramatically to around 15 cents before returning to approximately $1 over the last few hours.
“An attacker was able to exploit Beanstalk and transfer all of the assets in the contract to their wallet,” the company wrote on Discord.
Someone who purports to work within the project also wrote that, as it lacks venture capital backing, it is unlikely to be bailed out – and with all funds gone, will likely fold.