The Ethereum-based stablecoin protocol Beanstalk Farms was exploited for $182 million on Sunday.
PeckShield, a blockchain security firm, reported the attack on Twitter, saying the attacker made off with at least $80 million in cryptocurrency, though the protocol's losses were much larger.
As a result of the attack, the market for Beanstalk's BEAN stablecoin collapsed. According to CoinGecko, the token was down 86 percent from its $1 peg at the time of publication.
Beanstalk, when contacted for comment, directed CoinDesk to a post on its Discord server that summarized the attack.
According to the summary, the attacker obtained a large amount of Beanstalk's native governance token, Stalk, by taking out a flash loan on lending platform Aave. The attacker was able to quickly pass a malicious governance proposal using the voting power granted by these Stalk tokens, draining all protocol funds into a private Ethereum wallet.
In the attack summary, the project leaders stated that "Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the BIP. This was the fault that allowed the hacker to exploit Beanstalk."
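The flaw named in the summary, shown as an added example that is not Beanstalk's code or part of the original article: a simplified Python model of token-weighted voting that measures approval from live balances and, for comparison, from a snapshot taken before the proposal. The `Token` class, holder names, balances and block numbers are all constructed for illustration.

```python
from bisect import bisect_right

class Token:
    """Toy governance token with per-block checkpoints (constructed model)."""
    def __init__(self):
        self.block = 0
        self.checkpoints = {}  # holder -> sorted list of (block, balance)

    def balance_at(self, holder, block):
        cps = self.checkpoints.get(holder, [])
        i = bisect_right(cps, (block, float("inf")))  # last checkpoint <= block
        return cps[i - 1][1] if i else 0

    def set_balance(self, holder, amount):
        cps = self.checkpoints.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, amount)   # overwrite within the same block
        else:
            cps.append((self.block, amount))

    def total_at(self, block):
        return sum(self.balance_at(h, block) for h in self.checkpoints)

def approval(token, voters, snapshot_block=None):
    """Share of supply in favour; uses live balances unless a snapshot block is given."""
    block = token.block if snapshot_block is None else snapshot_block
    total = token.total_at(block)
    return sum(token.balance_at(v, block) for v in voters) / total if total else 0.0

def simulate():
    t = Token()
    t.set_balance("alice", 600)        # long-term holders (constructed values)
    t.set_balance("bob", 400)
    t.block = 10                       # proposal submitted at block 10
    snapshot = t.block - 1             # voting weight fixed at the prior block
    t.block = 11
    t.set_balance("borrower", 9000)    # stake funded by a loan inside block 11
    live = approval(t, ["borrower"])             # weight read at vote time
    snap = approval(t, ["borrower"], snapshot)   # weight read at the snapshot
    t.set_balance("borrower", 0)       # loan repaid before the block ends
    return live, snap

if __name__ == "__main__":
    live, snap = simulate()
    print(f"live-balance approval: {live:.0%}, snapshot approval: {snap:.0%}")
```

With live balances the borrowed stake counts as 90 percent of supply; with the snapshot it counts as zero, because the balance did not exist when voting weight was fixed.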
Omniscia, a blockchain security firm, audited Beanstalk's smart contracts. According to the firm's Sunday post-mortem, the audit was completed before the introduction of the flash loan vulnerability.
Beanstalk declined to comment to CoinDesk on whether funds would be reimbursed to users, stating that more information would be provided at a town hall meeting on Sunday.
The attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet, according to PeckShield.
This is the most recent in a series of major decentralized finance (DeFi) hacks that have occurred in recent weeks. In March, Axie Infinity's Ronin Blockchain was hacked for $625 million in an attack linked to North Korea, according to US officials.
By fLEXI tEAM