I'm not sure it's fair to call this a hack in the illegal sense. He played by the rules of the system and won.
According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 billion in cryptocurrency assets and exchanged these for enough beans to gain a 67 percent voting stake in the project. With this supermajority stake, they were able to approve the execution of code that transferred the assets to their own wallet. The attacker then instantly repaid the flash loan, netting an $80 million profit.
Based on the duration of an Aave flash loan, the entire process took place in less than 13 seconds.
damnnn
reply
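The mechanism in the quoted CertiK analysis, as an added toy model (not code from the thread, Beanstalk, or Aave): stake borrowed and repaid inside one transaction carries a supermajority vote when live balances are counted, and carries nothing when a snapshot taken at proposal time is counted. All names and numbers are constructed, and the snapshot variant is an assumed mitigation that the thread itself does not discuss.

```python
from fractions import Fraction

SUPERMAJORITY = Fraction(2, 3)  # threshold assumed for this toy model


class ToyGovernance:
    """Token-weighted voting; `use_snapshot` selects which balances are counted."""

    def __init__(self, stakes, use_snapshot):
        self.stakes = dict(stakes)          # live stake per holder (constructed)
        self.use_snapshot = use_snapshot
        self.snapshot = None

    def propose(self):
        # The snapshot is taken when the proposal is created, before any loan.
        self.snapshot = dict(self.stakes)

    def voting_share(self, voter):
        book = self.snapshot if self.use_snapshot else self.stakes
        total = sum(book.values())
        return Fraction(book.get(voter, 0), total) if total else Fraction(0)

    def can_execute(self, voter):
        return self.voting_share(voter) >= SUPERMAJORITY


def flash_loan(gov, borrower, amount, action):
    """Lend `amount` of stake only for the duration of `action`, then reclaim it."""
    gov.stakes[borrower] = gov.stakes.get(borrower, 0) + amount
    try:
        return action()
    finally:
        gov.stakes[borrower] -= amount      # repaid within the same transaction


def simulate(use_snapshot):
    gov = ToyGovernance({"holders": 330}, use_snapshot)
    gov.propose()                            # proposal exists before the loan
    passed = flash_loan(gov, "borrower", 670,
                        lambda: gov.can_execute("borrower"))
    return passed, gov.stakes["borrower"]    # (vote outcome, stake after repayment)


if __name__ == "__main__":
    print("live balances :", simulate(use_snapshot=False))
    print("snapshot      :", simulate(use_snapshot=True))
```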
Flash loans are scary.
I honestly would never accept a job in the Ethereum ecosystem - no matter how high the salary. There is no way to properly test something because no test environment is ever as safe as the live chain. I couldn't sleep at night - idk how these people can.
reply
One of the surprising things about human nature is the ability to rationalize all behavior - even the most immoral. Everyone fundamentally thinks they're a good person regardless of what they've done, which means they've convinced themselves there are good reasons for what they've done.
I imagine when working in the Ethereum ecosystem one says to oneself:
  1. Everyone else is doing it
  2. My users understand all the risks but took them anyway. It's not my fault they assessed the risk wrong.
  3. I'm making money because I'm providing value. It's signal that what I'm doing is the right thing.
This interview with the famous cybercriminal Brett Johnson on Lex Fridman's show is illuminating: https://www.youtube.com/watch?v=cC1LFC0KFSw. He didn't care about his victims because he convinced himself he was doing it for his family - which in his mind washed away the harm it caused and still made him good.
reply