Crypto thieves get bolder with the heist and steal record amounts

Cryptocurrency hacks keep getting bigger.

The hack wiped out all ether held by the fund. After the ether was removed, the value of the stablecoin itself, called Bean, plummeted from $1 to 10 cents on Sunday, according to data firm CoinGecko. Most recently it was quoted at 6 cents.

After the Bean stablecoin collapsed, the hacker’s profit was about $76 million, according to a blog post by Beanstalk Farms, the group running the project.

The Beanstalk hack was the fifth biggest crypto theft of all time, according to, which tracks crypto hacks. The hack follows a $540 million theft of the platform for the online game Axie Infinity last month.

2022’s pace of about one hack a week is on par with last year, but the amount stolen is increasing, according to Rekt. Since August, there have been 37 hacks in 38 weeks that have drained about $2.9 billion worth of cryptocurrencies.

That equates to the $3.2 billion stolen in all of 2021, according to analytics firm Chainalysis.

Hackers are finding major exploits amid the rise of decentralized finance or DeFi projects. Hackers tend to target new protocols that haven’t been fully tested and verified, said Max Galka, chief executive of crypto forensics firm Elementus.

Beanstalk was only introduced in August.

The open-source nature of DeFi projects is another reason why they are attractive to thieves. Hackers can spend time examining the code for vulnerabilities, Chainalysis said. Even platforms that checked their code were still being hacked. The firm said that DeFi protocols need to have a more thorough security approach.

According to Chainalysis, most hacks have exploited buggy code. In fact, the exact method used by the Beanstalk hacker has become a common method, the firm said.

The Beanstalk protocol used what is known as a DAO, or Decentralized Autonomous Organization. Users can commit or “include” funds to the project, allowing them to vote on the maintenance and changes to the protocol.

According to blockchain analytics firm Elliptic, the hacker borrowed about $1 billion worth of various stablecoins using an ultra-short-term loan called Flashloan and then added it to Beanstalk’s funds. That was enough to give them an overwhelming percentage of voting rights.

The hacker suggested donating money to Ukraine and voted to approve the idea. However, the proposal included code that Elliptic said instead sent all funds locked in the Beanstalk protocol to a wallet controlled by the hacker.

Once they stole the money, they repaid the loan and pocketed the difference.

Bitcoin’s volatility has limited its acceptance for payments, so entrepreneurs have created stablecoins: cryptocurrencies tied to assets like the US dollar. But the recent settlement of an investigation into the most popular stablecoin, Tether, shows the need for transparency in the growing industry. Photo illustration: Sharon Shi/WSJ

Ironically, as Mr. Galka pointed out, the hacker followed Beanstalk’s set rules. The problem is that there was no contingency for someone to take over the voting mechanism, reflecting the novelty of the project itself, he said.

“Everything this guy did was in line with the code,” Mr. Galka said.

Publius, the developer group that created Beanstalk, declined to comment on this article.

The dev group has tried to regroup and has said they will attempt a rebuild. This would require securing the protocol, finding new capital to fund it, and paying back users who lost money to the hack.

It is unclear whether the funds can be reclaimed. The developers behind Beanstalk asked the hacker to return the money but keep 10% as a “bug bounty.” So far there has been no response to this request.

Write to Paul Vigna at

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8 Crypto thieves get bolder with the heist and steal record amounts

Ari Notis is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button