Security News > 2022 > April > Beanstalk DeFi platform loses $182 million in flash-loan attack
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.
The decentralized finance platform detailed on its Discord channel that the attacker took a flash loan on Aeve, a liquidity protocol, and used their voting power from holding a large amount of the Stalk native governance token to pass a malicious proposal.
Beanstalk Protocol experienced a flash-loan attack due to a flaw in its newly introduced Curve LP Silos that compromised the protocol's governance mechanism, ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds.
A flash loan allows users to borrow a large amount of stablecoins from other traders without offering a collateral and the process of approving a loan and returning it happens in a single transaction on the blockchain, within seconds.
Some hackers have identified vulnerabilities in various DeFi platforms that are exploitable within these short times, performing malicious actions right after the approval of a flash loan.
The attack on Beanstalk took advantage of a lack of a resistant measure to stop the manipulation of governance via Stalk flash loans, which was the point of failure that made the attack successful.