
How to avoid a Beanstalk like ‘flash’ attack: An expert’s advice

Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited for US$182 million last Sunday. The attackers gained US$80 million worth of cryptocurrency, which they laundered through Tornado Cash, a coin-mixing tool that lets users send and receive crypto while obscuring its source.

Brian Pasfield, CTO at Fringe.fi, explained how this happened and how decentralized organizations can prevent such hacks in the future.




“This attack was initiated by an actor who submitted a treacherous improvement proposal to the protocol posing as a relief gateway for Ukraine. The major problem here was with a review of BIP 18/19 that wasn’t critical enough and therefore allowed the attacker to exploit the protocol,” he says.


“Doing code audits is essential. Conducting a single audit on release is a good way to show you’re a legitimate project. However, it’s consistent auditing — especially when adding new code — that helps keep a project secure,” he further explains.

According to CoinDesk, the attacker took out a flash loan on the lending platform Aave and used it to acquire a large amount of Beanstalk’s native governance token, Stalk. With the voting power those Stalk tokens conferred, the attacker immediately passed a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.

“Smart contract and flash loan attacks can be prevented by staying abreast with threats and reviewing how new code will affect the protocol as a whole,” he says.

The blockchain security firm Omnicia had audited Beanstalk’s smart contracts, but, as Beanstalk revealed in a post-mortem on Sunday, that audit predated the code that introduced the flash loan vulnerability.


“DAO governance is currently trending in DeFi. While it is a necessary step in the decentralization process, it should be done gradually and with all the possible risks carefully weighed. Developers and administrators should be aware of new points of failure that can be created by developers or DAO members intentionally or by accident. This means that a scheduled review process could act as an important preventative measure.”
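As an added illustration, not Beanstalk’s code and not part of this article, the minimal Solidity governor below closes the flash-loan pattern described above in two ways: voting weight is read from a token checkpoint taken before the proposal existed, so tokens borrowed in the proposing block carry no weight, and execution waits behind a public delay after the vote closes. The contract name, the timing parameters and the ERC20Votes-style token interface it assumes are illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical minimal governor (not Beanstalk's code); assumes an ERC20Votes-style token.
interface IVotes {
    function getPastVotes(address account, uint256 timepoint) external view returns (uint256);
    function getPastTotalSupply(uint256 timepoint) external view returns (uint256);
}
contract SnapshotTimelockGovernor {
    IVotes public immutable token;
    uint256 public constant VOTING_PERIOD = 3 days;    // assumed parameters
    uint256 public constant EXECUTION_DELAY = 2 days;
    uint256 public constant SUPERMAJORITY_BPS = 6667;  // 2/3 of snapshot supply
    struct Proposal {
        address target;
        bytes data;
        uint256 snapshotBlock; // voting power is read here, before the proposal existed
        uint256 voteEnd;
        uint256 forVotes;
        bool executed;
        mapping(address => bool) voted;
    }
    uint256 public count;
    mapping(uint256 => Proposal) internal proposals;
    constructor(IVotes _token) { token = _token; }
    function propose(address target, bytes calldata data) external returns (uint256 id) {
        id = ++count;
        Proposal storage p = proposals[id];
        p.target = target; p.data = data;
        // Tokens acquired in this block (e.g. with a flash loan) carry no weight.
        p.snapshotBlock = block.number - 1;
        p.voteEnd = block.timestamp + VOTING_PERIOD;
    }
    function vote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.timestamp < p.voteEnd && !p.voted[msg.sender], "vote closed or cast");
        p.voted[msg.sender] = true;
        p.forVotes += token.getPastVotes(msg.sender, p.snapshotBlock);
    }
    // Execution waits for the vote to close plus a public delay, so a malicious
    // proposal is visible on-chain long before it can move funds.
    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed && block.timestamp >= p.voteEnd + EXECUTION_DELAY, "timelock");
        uint256 supply = token.getPastTotalSupply(p.snapshotBlock);
        require(p.forVotes * 10_000 >= supply * SUPERMAJORITY_BPS, "no supermajority");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "call failed");
    }
}
```

In production, the same two properties (snapshot-based voting and a timelocked executor) are provided by audited components such as OpenZeppelin’s Governor and TimelockController, which should be preferred over a hand-written governor.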




A decentralized autonomous organization (DAO) is an organization that runs fully and autonomously on a blockchain protocol according to rules encoded through smart contracts. By bypassing the need for human intervention or centralized coordination, DAOs are frequently called “trustless” systems.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard
