Security News > 2022 > April > Beanstalk DeFi platform loses $182 million in flash-load attack
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.
The decentralized finance platform detailed on its Discord channel that the attacker took a flash loan on Aeve, a liquidity protocol, and used their voting power from holding a large amount of the Stalk native governance token to pass a malicious proposal.
Beanstalk Protocol experienced a flash-loan attack due to a flaw in its newly introduced Curve LP Silos that compromised the protocol's governance mechanism, ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds.
Some hackers have identified vulnerabilities in various DeFi platforms that are exploitable within these short times, performing malicious actions right after the approval of a flash loan.
The attack on Beanstalk took advantage of a lack of a resistant measure to stop the manipulation of governance via Stalk flash loans, which was the point of failure that made the attack successful.
A Chainalysis report from last week indicates that DeFi platforms are the primary focus of crypto-heists in 2022, and the Beanstalk incident is yet another confirmation of this trend.