Beanstalk Farms offers plea deal to perpetrators of $76M exploit

Published at: April 20, 2022

Beanstalk Farms, a credit-based stablecoin protocol exploited for around $76 million in crypto on April 18, has offered a bounty of 10% if the attackers return the funds. 

The offer was posted on the company’s Twitter and sent to the attackers via an on-chain message the following day. It proposed that the exploiters return 90% of the stolen funds to the Beanstalk Farms’ multisignature wallet.

In return, the exploiters will be allowed to keep the remaining 10% as a whitehat bounty — a deal offered by platforms to reward individuals for reporting security exploits and vulnerabilities.

As previously reported by Cointelegraph, the $76 million exploit, which was initially thought to be around $182 million, was not considered to be a hack, as the smart contracts and governance procedures used to carry out the transfer had functioned as designed. 

If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you.

— Beanstalk Farms (@BeanstalkFarms) April 18, 2022

During a podcast on Monday, Beanstalk founders including Benjamin Weintraub, Brendan Sanderson and Michael Montoya admitted that flaws in its design “ultimately led to its undoing.” A statement on Tuesday affirmed that a previously-unknown issue with Beanstalk’s governance process was the mechanism used for the exploit.

Related: Beanstalk Farms loses $182M in DeFi governance exploit

The Tuesday statement also added that it temporarily shut off protocol governance and paused Beanstalk while preparing a strategy to re-launch with a path forward.

Spokesperson Weintraub returned to the podcast on Tuesday to discuss a path forward for the company, which includes some sort of fundraising.

“Let’s start with what’s the problem. Beanstalk had something like $76 million stolen from it yesterday. Now, it needs to recoup as much of that money as possible. It doesn’t need to recoup all of that money.”

Weintraub floated a number of possibilities to raise the required funds should the exploiter fail to return the funds, such as offering a newly created token or slashing its users’ token holdings, known as Pods, Stalk and Beans. Pods, Stalk and Beans are the ERC-20 tokens used to power the credit-based stablecoin protocol.

However, Weintraub admits that the specific structure to raise the capital is still “very much in the air,” but remained upbeat about the protocol’s survivability.

“From our perspective, Beanstalk isn’t going anywhere. Beanstalk Farms isn’t going anywhere. The real question is how much of the $76 million Beanstalk is able to crowdsource. This isn’t the worst place to be in, guys.” 
Tags
Blockchain
Altcoin
Business
Hacks
Stablecoin
Security
Related Posts
Blockchain explores private stablecoin that could deliver instant, untraceable payments
A network that’s home to tools and applications championing anonymity has announced that it is exploring the development of oxUSD, a privacy preserving stablecoin. Oxen’s network is already used to power the anonymous messaging app Session — as well as Lokinet, a router that offers an alternative to Tor. However, the project’s team say their infrastructure is capable of handling so much more. They believe a private stablecoin would be a powerful complement to the products that are already on offer, delivering instant and untraceable digital payments. When it comes to the rationale behind launching such a digital asset, Oxen …
Technology / July 28, 2021
Terra lawsuit a ‘roadmap’ to attack other stablecoins: Delphi Labs
The United States Securities and Exchange Commission’s (SEC's) lawsuit against Terraform Labs and its co-founder Do Kwon could be seen as an SEC “roadmap” to taking down other stablecoins, according to a lawyer. Gabriel Shapiro, general counsel at investment firm Delphi Labs, explained to his 33,800 Twitter followers on Feb. 16 that the SEC’s arguments in its complaint against Kwon and Terraform were “more thorough than usual.” whew lad, lots to digest in the SEC lawsuit vs Do Kwon and Terraform Labs right off the bat, a very interesting fact is that the SEC is being more thorough than usual--specifically …
Blockchain / Feb. 17, 2023
Anchor protocol's reserves head toward depletion due to lack of borrowing demand
Anchor, the flagship savings protocol of the Terra Luna (LUNA) ecosystem, has seen its reserves decline by 35.7% in the past seven days according to Terra.Engineer. Since the beginning of December, the amount of Terra USD Stablecoin (UST) held in the "terra1tmnqgvg567ypvsvk6rwsga3srp7e3lg6u0elp8" smart contract has declined by over 50%, with only $35.7 million remaining. As a savings protocol, users deposit their UST assets via their wallets and earn up to 20% yields as their principal is lent out to borrowers, who pay interest on the loan amount. Borrowers must deposit collateral to ensure the lender can get their money back …
Adoption / Jan. 27, 2022
Tether to launch GBPT stablecoin pegged to British pound sterling
Major stablecoin company Tether is expanding its stablecoin offering with a new cryptocurrency pegged to the British pound sterling (GBP). Tether officially announced on Wednesday that its upcoming GBP-pegged stablecoin, GBPT, will launch in early July and will initially be supported by the Ethereum blockchain. GBPT will be a stable digital currency pegged on the 1:1 ratio to the GBPT, aiming to provide a faster and cheaper option for asset transfers. GBPT joins a family of four other fiat currency-pegged Tether (USDT) tokens, including the largest stablecoin by market capitalization, USDT. Other stablecoins include the euro-pegged EURT, the offshore Chinese …
Blockchain / June 22, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022