Less than a month after the $625 million Axie Infinity attack, the DeFi sector may be facing a new vulnerability. The hacker made off with more than $70 million in crypto. The remaining assets were taken in the form of drained liquidity linked to the protocol's governance token.
PeckShield Inc, a blockchain and data analytics firm, sent a Twitter warning to BeanStalk DAO about the possibility of a flash loan on the protocol.
It's worth noting that neither PeckShield nor BeanStalk DAO have officially confirmed that the $75 million flash loan was performed but evidence suggests that the exploiter utilized an accumulation of governance tokens gained through a flash loan to make a fraudulent proposal to upgrade the protocol in order to send the assets stored in the protocol to an address used to collect donations for the Ukrainian government.