I'm not sure it's fair to call this a hack in the illegal sense. He played by the rules of the system and won.
According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 billion in cryptocurrency assets and exchanged these for enough beans to gain a 67 percent voting stake in the project. With this supermajority stake, they were able to approve the execution of code that transferred the assets to their own wallet. The attacker then instantly repaid the flash loan, netting an $80 million profit.
Based on the duration of an Aave flash loan, the entire process took place in less than 13 seconds.
reply
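The sequence described in the comment above, reduced to a toy model (an added example, not part of the thread and not Beanstalk's or Aave's code). It assumes a hypothetical `Governance` class and constructed balances, and compares voting power read from live balances with voting power read from a snapshot taken when the proposal was created, a common defense that the thread itself does not discuss.

```python
# Toy model (constructed numbers): why live-balance voting is exposed to
# flash loans and why snapshot-based voting is not. Not Beanstalk's code.
SUPERMAJORITY = 0.67  # threshold quoted in the comment above


class Governance:
    def __init__(self, balances, use_snapshot):
        self.balances = dict(balances)   # current token holdings
        self.use_snapshot = use_snapshot
        self.snapshot = None             # holdings frozen at proposal time

    def propose(self):
        # Hardened variant: voting power is fixed when the proposal is created,
        # in an earlier block than any later vote or execution.
        self.snapshot = dict(self.balances)

    def voting_share(self, voter):
        source = self.snapshot if self.use_snapshot else self.balances
        total = sum(source.values())
        return source.get(voter, 0) / total

    def can_execute(self, voter):
        return self.voting_share(voter) >= SUPERMAJORITY


def single_transaction_vote(gov, borrower, loan):
    """Borrow, vote, repay inside one transaction; return whether the vote passed."""
    gov.balances[borrower] = gov.balances.get(borrower, 0) + loan   # flash loan in
    passed = gov.can_execute(borrower)
    gov.balances[borrower] -= loan                                  # loan repaid
    return passed


def run(use_snapshot):
    holders = {"alice": 300, "bob": 200}     # constructed holdings
    gov = Governance(holders, use_snapshot)
    gov.propose()                            # proposal exists before the loan
    return single_transaction_vote(gov, "borrower", loan=1100)


if __name__ == "__main__":
    print("live balances:", run(use_snapshot=False))   # True
    print("snapshot:     ", run(use_snapshot=True))    # False
```

The model ignores the token exchange step and any change in total supply; it isolates only the question of which balance the vote is counted against.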
damnnn
reply
Flashloans are scary.
I honestly would never accept a job in the Ethereum ecosystem - no matter how high the salary. There is no way to properly test something because no test environment is ever as safe as the live chain. I couldn't sleep at night - idk how these people can.
reply
One of the surprising things about human nature is the ability to rationalize all behavior - even the most immoral. Everyone fundamentally thinks they're a good person regardless of what they've done, which means they've convinced themselves there are good reasons for what they've done.
I imagine when working in the Ethereum ecosystem one says to oneself:
  1. Everyone else is doing it
  2. My users understand all the risks but took them anyway. It's not my fault they assessed the risk wrong.
  3. I'm making money because I'm providing value. It's signal that what I'm doing is the right thing.
This interview with a famous cybercriminal Brett Johnson on Lex Fridman's show is illuminating: https://www.youtube.com/watch?v=cC1LFC0KFSw. He didn't care about his victims because he convinced himself he was doing it for his family - which in his mind washed away the harm it caused and still made him good.
reply
Lol, let's make algo-backed stablecoins, what could go wrong? If a flash loan can take down your entire ecosystem, what is the point?
ETH protocols working as intended I suppose, pure rug pull tech
reply
This is crazy. The same day that the Wall Street Journal has a story about smart contract "algorithm based" stablecoins this happens. Literally the same day.
reply
I'm sure I'm not the only one who giggled at that one haha :)
reply
The entire hack happened in 1 transaction...! Apples-to-apples comparison of how this looks in the real world - borrow money from Goldman Sachs to become majority shareholder in Bank of America, take board ownership and pass a mandate to approve your personal account to withdraw entire bank liquidity, repay borrowed loan and walk away with $182 Million...! Kinda crazy if you think that way..!
reply
lmao, what a great title
reply