reply on: Beanstalk cryptocurrency project robbed after hacker votes to send themself $182 million \ stacker news ~bitcoin

pull down to refresh

10 sats \ 7 replies \ @k00b 19 Apr 2022 \ on: Beanstalk cryptocurrency project robbed after hacker votes to send themself $182 million bitcoin

I'm not sure it's fair to call this a hack in the illegal sense. He played by the rules of the system and won.

According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 bi ll i o nin cry pt oc u rre n cy a sse t s an d e x c han g e d t h ese f ore n o ug hb e an s t o g aina 67 p erce n t v o t in g s t ak e in t h e p ro j ec t . Wi t h t hi ss u p er maj or i t ys t ak e, t h ey w ere ab l e t o a pp ro v e t h ee x ec u t i o n o f co d e t ha tt r an s f erre d t h e a sse t s t o t h e i ro w n w a ll e t . T h e a tt a c k er t h e nin s t an tl yre p ai d t h e f l a s h l o an, n e tt in g an$ 80 million profit.

Based on the duration of an Aave flash loan, the entire process took place in less than 13 seconds.

0 sats \ 1 reply \ @0xtr 19 Apr 2022

damnnn

0 sats \ 0 replies \ @247bf84fda 25 Aug freebie

deleted by author

0 sats \ 3 replies \ @zuspotirko 19 Apr 2022

Flashloans are scary.

I honestly would never accept a job in the ethereum ecosystem - no matter how high the salary. There is no way to properly test something because no test environment is ever as safe as the live chain. I couldn't sleep at night - idk how these people can.

3 sats \ 1 reply \ @k00b 19 Apr 2022

One of the surprising things about human nature is the ability to rationalize all behavior - even the most immoral. Everyone fundamentally thinks they're a good person regardless of what they've done, which means they've convinced themselves there are good reasons for what they've done.

I imagine when working in the ethereum ecosystem one says to oneself:

Everyone else is doing it
My users understand all the risks but took them anyway. It's not my fault they assessed the risk wrong.
I'm making money because I'm providing value. It's signal that what I'm doing is the right thing.

This interview with a famous cybercriminal Brett Johnson on Lex Fridman's show is illuminating: https://www.youtube.com/watch?v=cC1LFC0KFSw. He didn't care about his victims because he convinced himself he was doing it for his family - which in his mind washed away the harm it caused and still made him good.