
How to avoid a Beanstalk-like ‘flash’ attack: An expert’s advice

Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited for US$182 million last Sunday. The attackers gained US$80 million worth of cryptocurrency, which they laundered through Tornado Cash, a coin mixing tool that lets users send and receive crypto while obscuring its source.

Brian Pasfield, CTO at Fringe.fi, explained how this happened and how decentralized organizations can prevent such hacks in the future.



“This attack was initiated by an actor who submitted a treacherous improvement proposal to the protocol posing as a relief gateway for Ukraine. The major problem here was with a review of BIP 18/19 that wasn’t critical enough and therefore allowed the attacker to exploit the protocol,” he says.

“Doing code audits is essential. Conducting a single audit on release is a good way to show you’re a legitimate project. However, it’s consistent auditing — especially when adding new code — that helps keep a project secure,” he further explains.

According to CoinDesk, the attacker got a flash loan on lending platform Aave, which was used to hoard a substantial amount of Beanstalk’s native governance token, stalk. Leveraging the voting power given by these stalk tokens, the attacker then lost no time in passing a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.
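
A reviewer's check for the weakness described above, as an added example that is not from the original article or from Beanstalk's code: a toy model comparing vote weight read from live balances with vote weight read from a snapshot taken before the vote. The `Token` class, the account names, the balances and the two-thirds threshold are constructed assumptions.

```python
# Constructed toy model of token-weighted voting; not Beanstalk's contract code.

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.block = 0
        self.snapshots = {}          # block number -> balances when that block closed

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def close_block(self):
        self.snapshots[self.block] = dict(self.balances)
        self.block += 1

    def balance_at(self, holder, block):
        return self.snapshots[block].get(holder, 0)


def vote_weight(token, voter, snapshot_block=None):
    """Live balance when snapshot_block is None, else the balance at a closed block."""
    if snapshot_block is None:
        return token.balances.get(voter, 0)
    return token.balance_at(voter, snapshot_block)


def proposal_passes(token, voter, snapshot_block=None, num=2, den=3):
    # Assumed threshold: the voter alone must hold num/den of total supply.
    total = sum(token.balances.values())
    return vote_weight(token, voter, snapshot_block) * den >= total * num


def borrowed_vote_outcome(use_snapshot):
    # Constructed balances: a lending pool holds most of the supply.
    token = Token({"pool": 900, "holders": 100, "borrower": 0})
    token.close_block()                       # block 0 closes; proposal recorded here
    proposal_block = token.block - 1
    token.transfer("pool", "borrower", 900)   # loan taken in the voting block
    passed = proposal_passes(token, "borrower",
                             proposal_block if use_snapshot else None)
    token.transfer("borrower", "pool", 900)   # loan repaid in the same block
    token.close_block()
    return passed
```

With live balances the borrowed tokens count toward the vote; with weight taken from the block before the loan they do not, which is the property a governance code review should confirm.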

“Smart contract and flash loan attacks can be prevented by staying abreast with threats and reviewing how new code will affect the protocol as a whole,” he says.

The blockchain security firm Omniscia audited Beanstalk’s smart contracts. However, that audit was completed before the flash loan vulnerability arose, Beanstalk revealed after a Sunday post-mortem.

“DAO governance is currently trending in DeFi. While it is a necessary step in the decentralization process, it should be done gradually and with all the possible risks carefully weighed. Developers and administrators should be aware of new points of failure that can be created by developers or DAO members intentionally or by accident. This means that a scheduled review process could act as an important preventative measure.”



A decentralized autonomous organization (DAO) is an organization that runs fully and autonomously on a blockchain protocol according to rules encoded through smart contracts. Because they bypass the need for human intervention or centralized coordination, DAOs are frequently called “trustless” systems.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda and also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard.
