Thefts have long been part of the daily routine in the world of Bitcoin & Co.
Anonymous currencies that promise enormous price increases and lead to gigantic nominal values obviously arouse great desire.
They attract many fortune hunters who hope to jump on the bandwagon in time and forget to secure their newly won fortunes.
The young fintechs that run the crypto accounts are often just as poorly secured.
This creates a playground for talented hackers.
Now the young crypto exchange Beanstalk, which has only been around for a few months, has been hit.
The operators have publicly admitted the theft.
One of the founders told the "Vice" platform: "We are fucked", a colloquial way of saying "We are screwed".
In 13 seconds to 182 million dollars
The path taken by the thieves at Beanstalk is very unusual.
The newly formed crypto exchange operated with its own digital currency, a so-called stablecoin called "Bean".
Its value was meant to be kept stable at one dollar by user deposits.
However, as is usual with decentralized blockchains, these same users can decide on changes to the code, which in turn is the technical basis of the digital currency.
Each user gets as many voting shares as they own units of the digital currency.
Anyone who holds about 1 percent of all "Beans" also has 1 percent of the voting rights.
This is exactly what the hackers took advantage of.
In the first step, they borrowed almost a billion dollars in various digital currencies via a kind of “flash loan”.
With that money, they immediately acquired a two-thirds majority in Bean and, with it, two-thirds of the voting rights.
After that, they decreed that all deposits in the amount of $182 million would be transferred to themselves.
According to the technology portal The Verge, what sounds like a complex operation took only 13 seconds.
After repaying the flash loan and fees, the hackers still had $80 million left.
The Beanstalk team has no choice but to appeal to the thieves.
If they paid back 90 percent of the $80 million, they could keep the other 10 percent as a kind of finder's fee for uncovering the vulnerability.
However, it will also be difficult to deal with the case legally.
Strictly speaking, it wasn't a security hole at all.
The protocol wasn't secure against short-term takeover because Beanstalk's founders simply didn't anticipate such an attack.
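The short-term takeover described above, as a small Python model (an added example, not Beanstalk's code): when voting weight is read from live balances, tokens borrowed and repaid within one transaction can carry a two-thirds vote, while weighting by balances recorded before the proposal, or requiring at least one block of delay before execution, stops that sequence. The class and function names and the 100/200 token amounts are constructed assumptions.

```python
# Toy model of token-weighted governance. Names and amounts are constructed.
class Token:
    def __init__(self):
        self.live = {}         # balances right now, including mid-transaction
        self.checkpoints = {}  # block -> copy of balances at the end of that block

    def mint(self, holder, amount):
        self.live[holder] = self.live.get(holder, 0) + amount

    def burn(self, holder, amount):
        if self.live.get(holder, 0) < amount:
            raise ValueError("insufficient balance")
        self.live[holder] -= amount

    def seal_block(self, block):
        self.checkpoints[block] = dict(self.live)

    def balances_at(self, block):
        """Balances at the end of the latest sealed block <= `block`."""
        sealed = [b for b in self.checkpoints if b <= block]
        return self.checkpoints[max(sealed)] if sealed else {}


def passes(votes, supply):
    """Two-thirds of all voting rights, checked in integer arithmetic."""
    return supply > 0 and 3 * votes >= 2 * supply


def single_tx_takeover_succeeds(snapshot_voting, delay_blocks):
    """Borrow, vote, execute and repay inside one transaction; True if it executes."""
    token = Token()
    token.mint("depositors", 100)
    token.seal_block(9)

    block = proposed_at = 10          # the whole sequence sits in block 10
    token.mint("borrower", 200)       # borrowed funds turned into voting tokens
    if snapshot_voting:
        # Weight comes from balances sealed before the proposal existed.
        balances = token.balances_at(proposed_at - 1)
    else:
        balances = token.live         # weight comes from whatever is held right now
    votes = balances.get("borrower", 0)
    executed = (passes(votes, sum(balances.values()))
                and block >= proposed_at + delay_blocks)
    token.burn("borrower", 200)       # the loan is repaid before the transaction ends
    token.seal_block(block)
    return executed
```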
There are always cases like this in the crypto world.
The most well-known case recently was a gigantic 650 million dollar theft: players of the Axie Infinity game, which is popular in Asia, were particularly affected.
The thieves targeted so-called bridge software.
This is used to exchange crypto money in the game for other digital currencies.
The hack stole 173,600 units of the digital currency Ethereum, the operators of the affected Ronin Bridge announced at the time.
The attackers managed to withdraw the digital currencies with hacked crypto keys.
Such bridges, which exchange digital currencies for other digital currencies or, as in this case, are used for purchases, have repeatedly been targeted by hackers recently.