Beanstalk Farms Stablecoin Hack
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Beanstalk Finance is a decentralized credit-based stablecoin protocol launched in August 2021 by anonymous developers under the pseudonym Publius, who later revealed themselves as Benjamin Weintraub, Brendan Sanderson, and Michael Montoya. Beanstalk Finance is unique as one of the few stablecoins which are fully decentralized and not collateralized. The stablecoin smart contract included a smart governance contract which allowed holders of the "stalk" token to propose and vote on new proposals. Fortunately for a certain attacker, the price to acquire the vast majority of the "stalk" token was cheaper than the value of the treasury, and they were able to pass a "blank cheque" proposal to generously donate all of the funds to themselves passed with a "strong majority of the community" behind it.
In the immediate aftermath, the anonymous developers realized that they were likely to be considered prime suspects in the theft and decided they didn't want to be anonymous anymore. They revealed their identities in the next town hall and moved forward in a more transparent manner with their community. They discussed various ideas with the community and ultimately conducted a "barn raise" to recover much of the value which had been lost, utilizing market incentives to successfully restore the peg to $1. The present market cap of Beanstalk does not appear to have fully recovered, however it appears healthy and the community still appears to be strong and active.
About Beanstalk Farms
Beanstalk describes itself as "a permissionless fiat stablecoin protocol"[1]. It is a decentralized algorithmic stablecoin protocol[2], an Ethereum-based credit-based protocol launched in August 2021[3] and designed for decentralized finance (DeFi) applications[4]. It aims to become the native decentralized finance (DeFi) stablecoin by offering a passive, high-yield, USD-deposit account to anyone with an Ethereum wallet[3], and to address the limitations of existing stablecoin implementations by providing a stablecoin that doesn't compromise decentralization, doesn't require collateral, has competitive carrying costs, and tends towards stability and liquidity[4].
The protocol utilizes a decentralized credit system instead of collateral to issue stablecoins[2]. Unlike collateralized stablecoins, Beanstalk uses credit instead of collateral, making it more resistant to regulation and centralized failure[3]. The existing stablecoins in DeFi cannot scale to meet the growing demand due to a lack of collateral, leading to limited supply and high borrowing/lending rates[3]. In contrast, Beanstalk's credit-based model allows for 0 borrowing costs and positive yield to holders[3].
The protocol operates as a decentralized autonomous organization (DAO) governed by a variable supply and yield-generating tokens[4]. It incorporates a decentralized credit facility, a network-native price oracle, and a self-adjusting interest rate to maintain the stablecoin's price peg without relying on user actions[4]. By offering these features, Beanstalk aims to unlock the full potential of DeFi[4].
The stablecoin, called Bean, is pegged to the US dollar[2]. The protocol adjusts different variables every hour to incentivize actions such as buying Beans, transferring Beans, staking Beans in the Silo, and lending debt to Beanstalk[3]. These actions help maintain the $1.00 peg of 1 Bean to USD[3]. Users can profit from Beanstalk by buying equity (Stalk) through staking Beans or by buying debt from Beanstalk[3]. Beanstalk is not a Ponzi scheme as it does not rely on attracting more lenders to pay off existing lenders[3]. The stability and utility of Beans attract new use cases, users, and Silo Depositors[3]. To learn more about Beanstalk, one can explore the whitepaper, listen to interviews with the founding team, participate in AMA sessions, join the Discord server, or ask questions on Twitter[3]. The future plans for Beanstalk include making the Stalk governance token tradeable, becoming a reserve treasury asset for other DeFi protocols, and expanding the community and DAO[3].
Beanstalk has released a video explaining the concept of stablecoins and the evolution of stablecoin protocols[2]. It introduces the first generation of collateralized stablecoins that hold off-chain collateral in a bank account, followed by the second generation that holds on-chain cryptocurrencies as collateral[2]. However, these collateral-based protocols face limitations in terms of supply and high interest rates[2]. Beanstalk, on the other hand, introduces a credit-based stability model where independent market participants coordinate to stabilize the Bean price[2]. By using credit instead of collateral, Beanstalk can issue enough Beans to meet the growing demand for stablecoins and offer lower borrowing costs[2]. It aims to be open, accessible, and available to anyone with internet access and an Ethereum wallet[2].
About The Founders
"Mr. Weintraub and his collaborators — Brendan Sanderson, 25, and Michael Montoya, 24 — kept their identities secret, calling themselves Publius, an homage to the authors of the Federalist Papers."
Empty Set Dollar Inspiration
The founders describe that it was inspired by empty set dollar, which is a stablecoin that previously collapsed. They believe that they have solved the problems associated with the collapse of the empty set dollar.
"In November of 2020, we happened to be in the same location around Thanksgiving, and hung out. At the time, ESD was the talk of DeFi. The hype around ESD, as a non-collateralized stablecoin, was aligned with our conviction about the frictions around collateralized stablecoin models. That evening, we read the ESD whitepaper together. While we were inspired by some of the contents, there were also apparent economic deficiencies throughout the model."
"That evening, we decided to work on an ESD fork as a side project that we thought would take 2-3 months. While the original problem attempted to be solved was high carrying costs on-chain, over time we realized that Beanstalk was actually an attempt at creating decentralized fiat money, backed by nothing but the credit of the protocol. In the end, Beanstalk, while influenced heavily by ESD, was designed from first principles from the ground up. Instead of a 2-3 month side project, it was a 8+ month sprint to design, develop and ultimately deploy Beanstalk on the Ethereum mainnet on August 6, 2021."
Protocol Launch In August 2021
"Beanstalk Protocol is a decentralized credit-based stablecoin protocol. It was launched in August of 2021 by a group of anonymous developers and economists using the pseudonym Publius." "Mr. Weintraub and two classmates from the University of Chicago had spent the past few months working on a software platform called Beanstalk, which offered a stablecoin, a type of cryptocurrency with a fixed value of $1."
"A decentralized, credit-based stablecoin is far superior to a collateralized stablecoin because (1) it is resistant to regulation & other centralized failure modes and (2) as demand for Beans grows, instead of scale penalizing users with negative carry costs, the growth of Beanstalk benefits users by distributing a yield back to anyone who is staking Beans." "Beanstalk, if successful, will dominate the stablecoin market to become the native DeFi stablecoin. In doing so, it will enable anyone to have a passive, high-yield, decentralized, USD-deposit account."
"Beanstalk uses a decentralized set of incentives that the system uses to continually oscillate the price of 1 $BEAN to $1.00USD. Users are able to do things like buy Beans, transfer Beans, Silo (“stake”) Beans, and lend debt to Beanstalk. All of these different actions, done by rational or irrational actors, ensure that Beanstalk keeps its $1.00 peg more & more tightly over time. The protocol updates different variables every “Season” (1 hour) to incentivize these different actions."
"The project’s inner workings were almost comically obscure. A white paper outlining its mechanics consists of 61 pages of graphs, charts and mathematical equations (as well as a quote from Alexander Hamilton’s letters)."
"“The number of Pods that grow from 1 Sown Bean is determined by the Temperature — the Beanstalk-native interest rate — at the time of Sowing,” reads one passage from a guide to the platform called the Farmers’ Almanac."
"From an individual participant’s standpoint, Convert allows peg maintenance to become a profit-maximizing activity, so in the instance where the Bean supply is in short-term excess (i.e., P < 1), the yield maximizing behavior for a Silo Member is to Convert LP to Beans, thereby increasing the price of Bean. Similarly, in the instance where there is a short-term shortage of Beans, (i.e., P > 1), the yield maximizing behavior for a Silo Member is to Convert Beans to LP, thereby decreasing the price of Bean. Another way of saying that is that those who perform peg maintenance are the same people who most participate in the growth of Beanstalk."
"Beanstalk’s smart contracts were audited by the blockchain security firm Omnicia." "Omniscia had audited BIP-7, which was the governance system."
"To their surprise, Beanstalk became an overnight sensation, attracting crypto speculators who viewed it as an exciting contribution to the experimental field of decentralized finance, or DeFi." "BIP-12 & BIP-16 were the BIPs introduced that allowed for BEAN3CRV-f and BEANLUSD-f LP tokens as being depositable into the protocol’s silo strategies. These 2 BIPs introduced new LP assets for flash loans."
Governance Mechanism
"When the software was released in August 2021, users who deposited their crypto got votes in an investor collective called a decentralized autonomous organization, or DAO, which had to agree to make changes to the software."
"Once a BIP is proposed, it requires a minimum of 7 days of voting time before being executed on-chain. This is supposed to act as a pseudo-timelock mechanism to allow proper time to verify the safety of the proposal." "However, the emergencyCommit() function allows a proposal to be immediately executed on-chain following a waiting period of 1 day as opposed to 7." "There is one caveat: the emergencyCommit() function, or any emergency governance action, can only be executed by an address that owns >67% of all outstanding Stalk a.k.a a 2/3 supermajority vote."
"When you make a BIP you specify a contract address and a function to run if the BIP passes. After 24 hours if 2/3's vote in favor you can immediately pass the vote." "The code that Mr. Weintraub and his partners had designed did not have a mechanism to stop someone from using a flash loan to take over the platform. So the hacker used the $1 billion to claim a huge stake in the Beanstalk DAO, taking total control of the software’s governance. Then the hacker transferred everyone’s funds — a total of nearly $200 million — out of the Beanstalk system."
Further Information On Beanstalk
Beanstalk offers various sections on their website to help users learn more about their platform and features[5]. The Beanstalk Learning Center provides valuable educational resources for users to enhance their understanding of the platform[5]. From the Community section, users can access the Beanstalk FAQ to find answers to common questions[5]. The Bean Merchant section likely provides information about merchants who accept Beanstalk as a form of payment[5]. The Zero to Beanstalk section might offer a beginner's guide or tutorial on how to get started with Beanstalk[5]. Additionally, there is a podcast featuring discussions with Publius, and another section comparing BEAN to ESD, possibly highlighting the differences between the two tokens[5].
The Reality
Smart contracts are highly risky and require only one significant flaw in order for funds to be lost. A long line of smart contract hacks, frauds, and scams attests to the dangers of participating in the smart contract ecosystem.
Run By Anonymous Founders
The protocol had been proposed by anonymous founders. When founders of a project are anonymous, special care needs to be taken to examine all of the methods of influence or control those founders have over the project. In the case of Beanstalk, the anonymous "Publius" had significant influence over the community through weekly town halls and their status as a founder. There are a wide myriad of things they could have done to manipulate the community into providing them with more funds and personal wealth, or to remove those funds from the treasury.
No Guarantees of Stable Price Mechanism
"It's worth clarifying—Beanstalk is not designed for Beans to always be worth a dollar and makes no such guarantee. Beanstalk is not in the business of keeping the price as close to a dollar as possible, and I would argue that in general, that isn't a meaningful indicator of what makes a stablecoin sound in the first place (UST was very stable until it wasn't; paid market makers only go so far)."
"Beanstalk is instead designed to oscillate the price of Bean above and below a dollar as often as possible. A subtle but important difference. There is never any guarantee that the system is 100% safe. Beanstalk makes no promises about stability. Beanstalk will almost certainly have large deviations from its peg in the future, and it welcomes volatility by design."
Governance Mechanism Flaws
One of the primary assumptions of the governance protocol was that the stalk allocation represented the community. This was flawed because only a subset of the community was interested in holding stalk. The possibility of an outsider acquiring a large quantity of stalk tokens was not fully contemplated.
Limited Smart Contract Audits Completed
The Beanstalk Finance smart contract was unaudited prior to a single audit from Omniscia[6], which failed to catch the potential governance vulnerability.
What Happened
A hacker took advantage of a vulnerability in Beanstalk's system, resulting in the theft of over $180 million from users[7][8].
"[A] hacker exploited a flaw in Beanstalk’s design to steal more than $180 million from users, one of a series of thefts this year targeting DeFi ventures." "[H]ackers stole $182 million (roughly Rs. 1,389 crore) from Beanstalk Farms, an Ethereum-based stablecoin protocol."
| Date | Event | Description |
|---|---|---|
| November 2020 | Empty Set Dollar Inspiration | "In November of 2020, we happened to be in the same location around Thanksgiving, and hung out. At the time, ESD was the talk of DeFi. The hype around ESD, as a non-collateralized stablecoin, was aligned with our conviction about the frictions around collateralized stablecoin models. That evening, we read the ESD whitepaper together. While we were inspired by some of the contents, there were also apparent economic deficiencies throughout the model."
The team starts to develop their own fork of the ESD project which they estimated would take 2-3 months. |
| August 6th, 2021 | Beanstalk Stablecoin Launched | The Beanstalk stablecoin first launches by a group of anonymous developers and economists who use the pseudonym Publius. |
| April 2nd, 2022 | Omniscia Audit Completed | "Omniscia completed its audit on April 2, 2022, identifying 8 findings using statistical analysis and 68 findings during the manual review. All 76 findings were promptly alleviated prior to the release of the audit report, with Omniscia ultimately concluding that “the codebase of the Beanstalk team can be considered of a very high standard and no outstanding issues remain within the codebase”"[6]. |
| April 16th, 2022 2:38:56 AM MDT | Ethereum Swapped For Bean Tokens | "Firstly, on April 16th, 2022, at 08:38:56 AM +UTC, an unknown Ethereum address swapped 73 ETH for 212,858 BEAN on Uniswap v2" "[T]he exploiter initially withdrew funds from TornadoCash, which they were then able to bridge over via the Synapse Bridge."
"Secondly, approximately nine minutes later, the same address deposited the 212,858 BEAN into the Beanstalk Silo." "Thirdly, since a proportionate amount of Stalk is immediately generated upon a whitelisted asset deposit, this Silo deposit allowed the address to propose Beanstalk Improvement Proposals (BIP) 18 and 19." "BIP-18 was originally left blank, and BIP-19 (exploiter named it InitBip18, we’ll get to that later) contained a verified contract that proposed a $250k donation to the Ukraine wallet address, as well as $10k to the proposer." |
| April 16th, 2022 3:52:35 AM MDT | BIP18 Proposed | BIP-18 was committed by the malicious actor to the Beanstalk governance protocol. The proposal was originally left blank[9]. |
| April 16th, 2022 4:54:45 AM MDT | BIP18 Submitted | The BIP-18 proposal is submitted[10]. "The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund."[11] |
| April 17th, 2022 6:24:16 AM MDT | Beanstalk Farms Protocol Drained | "Beanstalk DAO was exploited and drained of over $75 million on Easter Sunday, April 17, 2022 a little before 12:30PM UTC."
"Approximately 24h after proposing BIP-18 and 19, the exploiter initiated a flash loan attack on Beanstalk." "The perpetrator used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled." "[T]he attacker took out a flash loan on lending platform Aave, which was used to amass a large amount of Beanstalk’s native governance token, stalk. With the voting power granted by these stalk tokens, the attacker was able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet." "the exploiter flashloaned approximately $1B from Aave in DAI, USDC, BEAN, and LUSD which they promptly converted into 3CRV." "The 3CRV was used to supply one-sided liquidity to the BEAN:3CRV and BEAN:3LUSD liquidity pools on Curve. This allowed the exploiter to receive massive amounts of the aforementioned BEAN3CRV-f and BEAN3LUSD-f which are both whitelisted assets in the Beanstalk Silo." "These assets were then deposited in the Beanstalk Silo which caused the exploiter to immediately receive a proportionate amount of Stalk and Seed a.k.a Beanstalk governance/voting power. Since LP token assets generate the most Stalk and Seed yield per asset deposited, the exploiter generated approximately 70% of all outstanding Stalk in existence." "Having 70% of all Stalk effectively gave the exploiter a 2/3 supermajority vote, which they used to execute the emergencyCommit() function on BIP-18." "Flash loans complete in a single block, so the $BEAN that was loaned was actually non-existent. But the loan allowed the exploiter to inflate his holdings and get a supermajority of $STALK, to push through the BIP, before the loan closed."[12] |
| April 17th, 2022 7:15:00 AM MDT | PeckShield Report on Twitter | Blockchain research firm PeckShield reports the attack on Twitter. At the time, they mention the gain of $80m+ for the hacker, and described many of the events of the attack in further detail[13]. |
| April 17th, 2022 12:30:00 PM MDT | CoinDesk Article Published | CoinDesk publishes a story on the exploit. The losses were cited as $128m, the flash loan exploit was explained, and the town hall meeting on Sunday was announced in the article[14]. |
| July 13th, 2022 4:26:00 AM MDT | Honourable Mention | Twitter user Proof of No Work mentioned this case along with other failed stablecoin projects in his Tweet[15].
TBD - https://bean.money/blog/trail-of-bits-audit-of-beanstalk-completed other audits completed. |
| September 28th, 2022 3:00:37 AM MDT | New York Times Article | The situation receives mention in a New York Times article about how the decentralized finance (DeFi) sector has been plagued by a series of hacks, resulting in the theft of over $2 billion in digital currency this year. These attacks have targeted DeFi projects, including Beanstalk, which suffered a hack that led to the theft of more than $180 million. The hacks have exposed vulnerabilities in the code and smart contracts that power DeFi, and have raised concerns about the security and stability of the industry. Despite the losses, some affected projects are attempting to recover and improve their security measures to regain trust in the DeFi space[7]. |
Technical Details
"Beanstalk’s collective governance was ultimately its undoing. In April, a hacker borrowed $1 billion of cryptocurrency from another DeFi project, Aave. The transaction was a so-called flash loan — a lightning-fast process in which a crypto user borrows funds without posting any collateral, makes a trade and then immediately pays back the loan, keeping any profits generated from the series of near-simultaneous exchanges."
The initial proposal was submitted as BIP (Bean Improvement Proposal) 18 and 19, of which BIP-18 was effectively empty (to be determined), and BIP-19 proposed to be donating funds to Ukraine. There was a special clause in the governance called an emergencyCommit, which allowed the proposal to pass after a single day if a supermajority (>67%) could be obtained. Of course, one way to achieve a supermajority is to obtain 67% of the stalk tokens yourself. Therefore, with the support from "the majority of the community", their proposal was able to pass.
A proposal is effectively a smart contract.
BIP-18 Proposal
BIP-18 was effectively empty (to be determined). The source code of the smart contract had not been provided, so it was not visible.
BIP-19 Proposal
BIP-19 was a proposal which claimed to be for a donation to fund the Ukraine war effort. The smart contract included a clause to give $10,000 USD to the proposer, thereby seeming to create a legitimate incentive for the proposer.
Peckshield Analysis
PeckShield released an analysis on Twitter following the attack[13][11].
1/ The @BeanstalkFarms was exploited in a flurry of txs, leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
2/ The hack is made possible due to the flashloan-assisted (immediate) pass of BIP18, which was submitted one day ago. The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund.
3/ To illustrate, we use the hack tx and show the key steps below
4/ The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation.
Total Amount Lost
TBD Need more details on the amount lost. Sources, preferably from the blockchain.
The total amount lost has been estimated at $182,000,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
"[T]he Beanstalk contract on the Ethereum mainnet was exploited via a previously-unknown issue with Beanstalk’s governance process. The Beanstalk Farms team was immediately alerted and took action to temporarily shut off protocol governance and pause Beanstalk. Approximately $77M was stolen from the protocol’s liquidity pools. The team has since burned the remaining Beans in the exploiter contract."
PeckShield released an analysis on Twitter following the attack[13][11].
Mr. Weintraub's Story
"The morning of the hack, Mr. Weintraub, 24, was home for Passover in Montclair, N.J. He walked into his parents’ bedroom."
“Wake up,” he said. “Beanstalk is dead.”
Panic ensued. “I lost $1 million today,” one Beanstalk user declared on YouTube. “It happened through beans.” "I woke up this morning and it's been like a crazy 16 hours. I've been on calls all day, talking to people, trying to figure [this] out." "I mean, I'll be okay, you know." "[M]y pods harvested, umm, I siloed them, and I didn't withdraw them. And so I had it for 3 days. Umm, and I had other assets in the silo, before my pods harvested. And then Beans got hacked. It got exploited, and the hacker ran away with, I don't know, 80 mill, no, a hundred. I don't know. Maybe a hundred mill."
"I hope, you know, the plan is that I look at this video, 1 year from now and I'm like "Dude, you made it, you made it through this. And it was okay." Because that's the main thing. Is like... You know, today, look, I woke up, and, my phone was screaming at me. And I realized that I lost a fucking million dollars, and I was like "holy [moly]", like, you know. My brain, processing it, you know, just waking up."
"Umm... But then my brain, you know, kind of went like "Look, go work out." And, I don't know, there's a lot of thoughts that I have here, but like, just, you know, I'll always be able to work out. I'll always be able to eat good food. I have friends, I have shelter. Like, I'm okay." "It's tough, but, umm, we'll be okay you guys."
"According to PeckShield, the attacker laundered all stolen funds through Tornado Cash, which enables users to send and receive crypto while obfuscating its source." "The attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet, according to PeckShield."
"Some users suspected that Mr. Weintraub and the other founders were behind the attack — a classic “rug pull” in which a team of developers flees with investors’ funds."
"@BeanstalkFarms has been exploited. I personally lost 25% of my net worth. Definitely over invested this time. What's more frustrating, I know many people who invested because of me and my content. There aren't proper words to express how sorry I am."
“The pitchforks were out,” Mr. Weintraub said. “It felt like death.”
"The market for Beanstalk’s BEAN stablecoin collapsed as a result of the attack. At press time, the token was down 86% from its $1 peg, according to CoinGecko."
"Beanstalk DAO was audited by Omniscia, but the exploit allegedly went through code introduced with governance proposals after the audit was done." "Omniscia had released press earlier in the day saying the cause of the exploit was introduced with BIP-12 and BIP-16." "[T]he audit was completed before the introduction of the flash loan vulnerability, the firm said in a Sunday post-mortem." "Omniscia is keen to point out that this attack fell outside the scope of their audit, however their report does include commentary on the governance contract." "Beanstalk said that the code that was exploited was the BIP-7 code and covered in the Omnicia audit."
"The core flaw that lead to the exploit manifesting is that the two new LP assets introduced for the project’s Silo system could be created via a flash-loan (as they represented LP units) and their Bean-Denominated-Value (BDV) calculation remained unaffected by the flash-loan in contrast to the Uniswap LP BDV calculator." "We believe there is a need to educate and inform non-technical market participants about the status, scope and limitations of technical audits. Our team is currently working on multiple initiative aimed at demystifying audits." "Going forward, we will make sure to stress our clients that iterative updates should at all times be fully audited and communicated to Omniscia prior to deployment."
"The problem here is that the audit was completed only 15 days before the exploit and they passed a governance system that, in their words, “allows the caller to circumvent the usual lifecycles of a proposal and immediately execute it” -“The voting system of Beanstalk by design permitted votes to be cast retroactively on any active BIPs”."
"Beanstalk [initially] declined to provide details to CoinDesk regarding whether funds would be reimbursed to users, saying more news will be coming in a town hall event scheduled for Sunday."
Ultimate Outcome
Initial Offer To Exploiter
"In the wake of yesterday's attack, Beanstalk Farms makes the following offer to the Exploiter:" "If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you." "We have sent the Exploiter an On-Chain Message."
Recovery From Ukraine Donation
"Hey! We received 250k usdc from your stolen funds. Unlike Russian soldiers in Ukraine, we do not take other people's possessions. Please verify your account on http://kuna.io and we will return the funds. Slava Ukraine!" "Beanstalk Farms would like to thank the honorable people of Ukraine for offering to return the portion of Beanstalk’s stolen funds that were sent to Kuna Exchange."
De-Anonymizing The Founders
"Presumably to avoid suspicion of an inside-job, Publius, the anon behind the protocol, took the decision to reveal their identity as a group of three in a statement published to Discord." "Ultimately, [Ben] and the other founders decided to continue the project. They reported the theft to the F.B.I. and held calls with Beanstalk enthusiasts to find a path forward. In an April post on the chat forum Discord, they also revealed their identities for the first time. It was a risky move: Even though the project wasn’t a traditional business, they could be vulnerable to lawsuits from users or regulatory scrutiny."
"Beanstalk devs had a community call the night of the hack and self-doxxed to the community. During the call they answered questions about what happened and what they were looking at going forward."
"So... Uhh... You know... It's a very humbling set of circumstances that have gotten us to this point in time. Uhhh... You know, we've lost the voice modifiers obviously. Uhhh... We think it's in the best interest of beanstalk moving forward for us to disclose who we are. We hope that doesn't become the focus here. But in the, in the, spirit of honesty and transparency, you know, we don't want a, like a... We don't want any, th-there to be any sort of ambiguity about whether we were involved in any way in attacking the protocol, which we were not."
"So, we're gonna disclose who we are and then, kind of, talk about what happened, and then, open up the floor and try to talk about next steps. So, umm, you know, my name is Benjamin Weintraub. Uhhh... I'm one of three people, uhhh, that we- you guys know us as Publius. Uhhh... the, my, my two other friends, uhh, Brendan Sanderson and Michael Montoya, uhh, we are who you have previously known as Publius. Uhhh... We are the individuals who created Beanstalk. And, you know, it-it, we're sorry to introduce ourselves to you guys in-in-in these circumstances. Umm..."
"Despite our commitment to decentralization and really trying to have Beanstalk... uhh... not have a head, in any capacity, and really just, run by itself, uhh... we've decided to disclose our identities bec-because of what's happened over the past days. So... uhh... you know, mmm-heh it is what it is. Umm... it's important that we say explicitly - we had nothing to do with the recent attack on Beanstalk whatsoever. We had no, uhh, involvement with, we have no prior knowledge of, uhh, any-anything having to do with the attack whatsoever. Umm... we don't know who did it. Uhh... at the moment, uhh, like all other investors in Beanstalk, uhh, we lost a significant amount of money, uhh, this morning, when the hack occurred, and, uhh, you know, it's it's very much too bad that this has happened. Umm, so, the, as soon as we learned of the attack we immediately reached out to the FBI. Uhh, they have not reached back out to us. But we informed the FBI's Internet crime center. Uhh... for about what happened. And, you know, we intend to fully cooperate with with the FBI to try to track down the perpetrators and, if it's at all possible, to try to recover any of the funds, uhh, that were stolen, uhh, in this attack."
"VC-funding, shared losses, giving spots in the pod line, and even Tetranode-funding were brought up in ways to re-fund the protocol and compensate users. Olympus DAO Protocol has links to Beanstalk and were also mentioned to help with liquidity." "“Everything is on the table” according to the devs, it all depends on how they can attract liquidity Estimate it will be a month at the earliest before any restart."
"NEW YORK , June 2, 2022 /PRNewswire/ -- Beanstalk, a decentralized credit-based stablecoin protocol, formally announces "The Barn Raise", a fundraiser to restore $77M of liquidity stolen from the protocol during a recent governance exploit and further recapitalize pre-exploit participants. "The Barn Raise" will begin June 6 at 12 p.m. ET and will last until all 'Fertilizer' tokens (Barn Raise tokens which will serve as certification of participation) are sold."
"Since the attack, the Beanstalk community has demonstrated incredible support for the project and provided numerous thoughtful ideas for a suitable path forward. The Beanstalk Farms team has taken these ideas into consideration and developed a proposal with four primary goals in mind: securing the enduring success of Beanstalk's economic model; attracting sufficient capital to restart Beanstalk; preserving as much of each Farmers' Stalk, Seed and Pod positions as possible, and; aligning new capital with previous Stalk and Pod holders."
"Over the last few months, the Beanstalk DAO has worked to restart the project, recruiting blockchain analysis firms to help track down the lost crypto. The group also hired Halborn, the security firm, which is reviewing the code to eliminate any vulnerabilities. Beanstalk officially reopened last month."
"Announcing the Barn Raise: a 10-day public fundraiser starting on 5/2 at Noon ET to restore Beanstalk’s liquidity and resume the protocol." "We’re holding a 60 minute AMA Town Hall with @isthispublius at 9 PM ET/ 6 PM PT to discuss the Barn Raise."
"BFP-66: Hire Halborn to Perform Audit has passed with 99.82% of voting Stalk. To ensure that the Beanstalk’s code is as secure as possible, Beanstalk has scheduled an end-to-end audit by Halborn beginning May 9."
"Beanstalk Farms now offers bounty to any individual or group who is able to identify the attacker and help us recover the withdrawn funds, with 10% of amount recovered as a result of their actions, shared equally among all eligible recipients, should there be more than one."
“we did it once in just 8 months we can do it again in 3” "Beanstalk Farms is still hard at work despite the setback last Sunday and is excited to see how the next couple weeks play out." "BFP-67: Barn Raise Proposal has passed with 100% of the 58M Stalk that voted approving the Barn Raise, a public ten-day fundraiser beginning May 2." "Beanstalk Farms proposes using the remaining 300,000 USDC as a discretionary operating budget to support Beanstalk on The Path Forward." "Beanstalk Farms proposes changing the start date of the Barn Raise from Monday, May 2 at 4pm UTC to Monday, May 9 at 4pm UTC as conversations with capital sources continue to develop."
"BFP-69: Start Date Change for the Barn Raise has passed with 68.5% of the 45M Stalk that voted approving the start date change for the Barn Raise to be May 9 instead of May 2." "BFP-70: The Path Forward, OTC Terms and Timeline has passed with 95.3% of the 34.6M Stalk that voted approving the OTC terms and postponing the Barn Raise." "Beanstalk Farms proposes The Barn Raise to start June 6 with a new structure. While OTC conversations are still in the works, this proposal provides the opportunity for everyone to participate. Vote on the Snapshot below and stay tuned for more details."
"BFP-71: The Path Forward, Barn Raise Structure and Timing has passed with 100% of the 25M Stalk that voted approving the start date and updated structure for the Barn Raise." "With BFP-71 passing, the Barn Raise [finally began] Monday, June 6 at 4:00pm UTC and end[ed] on Monday June 27 at 4:00pm UTC or until all NFTs are sold." "BFP-72: With this proposal, the Barn Raise extends until all $77M is raised, even through the Unpause. All Beans, BDV, Stalk and Seeds subject to vesting schedule, and no longer face a haircut." "Over $5.5M of Fertilizer sold in the first hour of the Barn Raise."
"After losing close to $182 million in a governance hack and being on a four-month sabbatical, Beanstalk stablecoin protocol is finally back after receiving a unanimous thumbs-up from the community." "This is a historic moment, beanstalk has so many possibilities and holds so much promise in solving our economic, and societal limitations. We pray for its much success."
"An enormous thanks is due to everyone who has supported Beanstalk since its inception, and in particular during the time since the attack. The outstanding community of thoughtful and cooperative Farmers are responsible for instilling light in the protocol during its darkest day and played a central role in the development of this proposal."
"Such comeback efforts are increasingly common in crypto." “We’ve always been so transparent with the community that this is an experiment,” Mr. Weintraub said. “We’re all figuring this out together.”
"The stolen funds remain missing."
Total Amount Recovered
The total amount recovered has been estimated at $33,000,000 USD.
Community Barn Raising
Funds From The Theft
"The stolen funds remain missing."
Ongoing Developments
What parts of this case are still remaining to be concluded?
Ongoing Attempts To Recover Funds
Is there any investigation still underway into the theft, such as determining the culprits.
Individual Prevention Policies
The Beanstalk Farms protocol had limited auditing for the security of the protocol. Users should apply pressure to platforms to obtain additional audits and not invest funds in protocols which are insufficiently audited.
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
In addition, the treasury which backed the protocol was not secured in a proper multi-signature wallet. Even with a proper governance and well-audited smart contract, it is still prudent to ensure that treasury funds are largely managed by a multi-signature wallet. Most protocols are significantly more complex, which can allow vulnerabilities to exist undetected, and computer code typically lacks the general ability to safeguard against fraud.
When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
The primary issue was trusting a complex governance mechanism as opposed to a simpler multi-signature setup for safeguarding treasury funds. While programmatic security can theoretically achieve a high level of security, the additional complexity can often obscure vulnerabilities and there are often ways to attain unintended access that are not foreseen (such as the market price of the governance token being sufficiently cheap that buying governance is affordable). There was no human oversight involved which could have prevented the transfer of funds, no insurance or treasury in place in case anything went wrong, and the governance protocol itself had only been audited by a single smart contract auditing firm.
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
The specific flaws in the governance protocol were that proposals could be submitted by outsiders with limited reputation or history in the community, BIPs could be submitted without being validated (a voting period versus a timelock), and that the stalk governance token price was substantially lower than the value which could be obtained via a withdrawal from the treasury through a proposal. There is no doubt that additional audits would have increased the probability of discovering those vulnerabilities. Different platforms offer different perspectives. Having validation provided by firms selected by the insurance fund provides for a strong alignment of incentives to motivate vulnerabilities to be found, and it is still recommended to have funds set aside to handle failure situations.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
While regulators need to ensure that there adequate controls around platforms, this is best managed through industry expert organizations. Obtaining multiple reviews from security firms which specialize in assessing risks such as these serves the best chance of detecting such vulnerabilities, while an industry insurance fund can be available to minimize the impact of any remaining vulnerabilities that manage to make it through the initial scrutiny.
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Beanstalk Hompage - A permissionless fiat stablecoin protocol (Jul 14, 2022)
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 What is Beanstalk? - YouTube (Jul 14, 2022)
- ↑ 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.07 3.08 3.09 3.10 3.11 Updated Beanstalk FAQ - by Bean Merchant (Jul 14, 2022)
- ↑ 4.0 4.1 4.2 4.3 4.4 Beanstalk: A Permissionless Fiat Stablecoin Protocol - Bean Money Docs (Jul 14, 2022)
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 Learn - Beanstalk Homepage (Jul 14, 2022)
- ↑ 6.0 6.1 Omniscia Audit of Beanstalk Completed - Beanstalk Farms (Jun 21, 2023)
- ↑ 7.0 7.1 The Crypto World Is on Edge After a String of Hacks - The New York Times (Jun 28, 2023)
- ↑ Bored Ape Yacht Club Instagram, Discord Hacked, NFTs Worth $13.7 Million Stolen | Technology News (Jun 20, 2022)
- ↑ Creation of BIP-18 (InitBip18) Proposal - Etherscan (Apr 19, 2023)
- ↑ BIP18 Submission - Etherscan (Apr 19, 2023)
- ↑ 11.0 11.1 11.2 PeckShield - The BIP18 leads to the crafted code execution with the governance privilege to drain the pool fund." - Twitter (Apr 19, 2023)
- ↑ Beanstalk Farms Exploit Transaction - Etherscan (Apr 19, 2023)
- ↑ 13.0 13.1 13.2 peckshield - "The @BeanstalkFarms was exploited in a flurry of t[ransaction]s" - Twitter (Jul 16, 2022)
- ↑ Attacker Drains $182M From Beanstalk Stablecoin Protocol - CoinDesk (Jul 16, 2022)
- ↑ ABettaMeta - "Yeah flexUSD, UST, DEI, TITAN, BitUSD, NuBits, Basecoin, One Cash, Dynamic Set Dollar, unified Stable Dollar, bDollar, Midas Dollar, Freeliquid, Stand Cash, BondAppetite, Empty Set Dollar, Coffin Dollar, OpenDAO, Wault Finance, BeanStalk, & DefiDollar holders are all doing great!" - Twitter (Jul 13, 2022)
Cite error: <ref> tag with name "abettametatwitter-9354" defined in <references> is not used in prior text.