Not an NFT, but a decentralized finance cryptocurrency project, which had nearly $200 million stolen using a technique requiring very little technical knowledge and no decoding of passwords at all.
The simple version is that the hacker took a very short-term loan of crypto for about a billion dollars and invested this in the decentralized finance project Beanstalk, which gave them a super-majority of the assets, and hence a super-majority of the votes, in the fund.
The thief then used their super-majority to approve a software update which in turn sent them $182 million. They then returned the loan, with whatever fee was charged, and pocketed the difference.
This is the sort of scam that banks have developed countermeasures for during the past few centuries, but the crypto folks want to innovate beyond this.
A fool and his money are soon parted:
On Sunday, an attacker managed to drain around $182 million of cryptocurrency from Beanstalk Farms, a decentralized finance (DeFi) project aimed at balancing the supply and demand of different cryptocurrency assets. Notably, the attack exploited Beanstalk’s majority vote governance system, a core feature of many DeFi protocols.
The attack was spotted on Sunday morning by blockchain analytics company PeckShield, which estimated the net profit for the hacker was around $80 million of the total funds stolen, minus some of the borrowed funds that were required to perform the attack.
Beanstalk admitted to the attack in a tweet shortly afterward, saying they were “investigating the attack and will make an announcement to the community as soon as possible.”
Beanstalk describes itself as a “decentralized credit based stablecoin protocol.” It operates a system where participants earn rewards by contributing funds to a central funding pool (called “the silo”) that is used to balance the value of one token (known as a “bean”) at close to $1.
Like many other DeFi projects, the creators of Beanstalk — a development team called Publius — included a governance mechanism where participants could vote collectively on changes to the code. They would then obtain voting rights in proportion to the value of tokens that they held, creating a vulnerability that would prove to be the project’s undoing.
The attack was made possible by another DeFi product called a “flash loan,” which allows users to borrow large amounts of cryptocurrency for very short periods of time (minutes or even seconds). Flash loans are meant to provide liquidity or take advantage of price arbitrage opportunities but can also be used for more nefarious purposes.
According to analysis from blockchain security firm CertiK, the Beanstalk attacker used a flash loan obtained through the decentralized protocol Aave to borrow close to $1 billion in cryptocurrency assets and exchanged these for enough beans to gain a 67 percent voting stake in the project. With this supermajority stake, they were able to approve the execution of code that transferred the assets to their own wallet. The attacker then instantly repaid the flash loan, netting an $80 million profit.
Based on the duration of an Aave flash loan, the entire process took place in less than 13 seconds.
This is why banks are tightly regulated: they are constantly the target of theft attempts, as not-Willie Sutton said, "Because that's where the money is."
Regulations have developed over centuries in banking, and manufacturing, and safety as a result of disasters that have cost people their lives or their fortunes.
The evasion of these regulations, "Because ……… Internet," is an indicator of dishonesty, or stupidity, or both.
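A toy model of the weakness the quoted analysis describes, added here as an illustration and not taken from Beanstalk's code or the quoted article: voting weight read from live balances counts tokens held only for the length of one transaction, while weight read from a snapshot of an earlier block does not. The ledger, holder names, balances, threshold and snapshot rule are all constructed assumptions.

```python
# Toy governance model (constructed; not Beanstalk's contract code).
from fractions import Fraction

SUPERMAJORITY = Fraction(2, 3)  # assumed threshold for this model


class Ledger:
    """Token balances plus an end-of-block history used for snapshots."""

    def __init__(self, balances):
        self.block = 0
        self.balances = dict(balances)
        self.history = {}

    def close_block(self):
        # Record balances as they stand when the block ends.
        self.history[self.block] = dict(self.balances)
        self.block += 1


def share(balances, holder):
    """Fraction of total voting weight held by `holder`."""
    return Fraction(balances.get(holder, 0), sum(balances.values()))


def simulate():
    ledger = Ledger({"long_term_holders": 100})  # constructed balances
    ledger.close_block()                         # block 0: proposal snapshot
    # Block 1, one transaction: borrowed funds arrive, the vote is tallied,
    # and the funds leave again before the block closes.
    ledger.balances["borrower"] = 210
    live = share(ledger.balances, "borrower")        # weight from live balance
    snap = share(ledger.history[0], "borrower")      # weight from snapshot
    del ledger.balances["borrower"]
    ledger.close_block()
    end_of_block = share(ledger.history[1], "borrower")
    return {
        "live_share": live,
        "live_passes": live >= SUPERMAJORITY,
        "snapshot_share": snap,
        "snapshot_passes": snap >= SUPERMAJORITY,
        "end_of_block_share": end_of_block,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

A snapshot only removes weight that exists inside a single transaction; stake bought and held across blocks still counts, which is why a delay between approval and execution is a separate control.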