$182 000 000 USD

APRIL 2022

GLOBAL

BEANSTALK

DESCRIPTION OF EVENTS

"Beanstalk is a credit-based stablecoin." "A decentralized credit based stablecoin protocol." "Beanstalk uses credit instead of collateral to trustlessly issue a decentralized stablecoin with protocol-native high-APY." "Beanstalk was inspired by Empty Set Dollar. The failures of Empty Set Dollar and similar stablecoin implementations provided invaluable information that influenced the design of Beanstalk."


"In essence, Beanstalk allowed people to deposit tens of millions of dollars in virtual currency into a software system, which generated interest and helped maintain the value of a stablecoin called a bean."


"Beanstalk Protocol is a decentralized credit-based stablecoin protocol. It was launched in August of 2021 by a group of anonymous developers and economists using the pseudonym Publius." "Mr. Weintraub and two classmates from the University of Chicago had spent the past few months working on a software platform called Beanstalk, which offered a stablecoin, a type of cryptocurrency with a fixed value of $1." "Mr. Weintraub and his collaborators — Brendan Sanderson, 25, and Michael Montoya, 24 — kept their identities secret, calling themselves Publius, an homage to the authors of the Federalist Papers."


"In November of 2020, we happened to be in the same location around Thanksgiving, and hung out. At the time, ESD was the talk of DeFi. The hype around ESD, as a non-collateralized stablecoin, was aligned with our conviction about the frictions around collateralized stablecoin models. That evening, we read the ESD whitepaper together. While we were inspired by some of the contents, there were also apparent economic deficiencies throughout the model."


"That evening, we decided to work on an ESD fork as a side project that we thought would take 2-3 months. While the original problem attempted to be solved was high carrying costs on-chain, over time we realized that Beanstalk was actually an attempt at creating decentralized fiat money, backed by nothing but the credit of the protocol. In the end, Beanstalk, while influenced heavily by ESD, was designed from first principles from the ground up. Instead of a 2-3 month side project, it was an 8+ month sprint to design, develop and ultimately deploy Beanstalk on the Ethereum mainnet on August 6, 2021."


"A decentralized, credit-based stablecoin is far superior to a collateralized stablecoin because (1) it is resistant to regulation & other centralized failure modes and (2) as demand for Beans grows, instead of scale penalizing users with negative carry costs, the growth of Beanstalk benefits users by distributing a yield back to anyone who is staking Beans." "Beanstalk, if successful, will dominate the stablecoin market to become the native DeFi stablecoin. In doing so, it will enable anyone to have a passive, high-yield, decentralized, USD-deposit account."


"When the software was released in August 2021, users who deposited their crypto got votes in an investor collective called a decentralized autonomous organization, or DAO, which had to agree to make changes to the software."


"Beanstalk uses a decentralized set of incentives that the system uses to continually oscillate the price of 1 $BEAN to $1.00USD. Users are able to do things like buy Beans, transfer Beans, Silo (“stake”) Beans, and lend debt to Beanstalk. All of these different actions, done by rational or irrational actors, ensure that Beanstalk keeps its $1.00 peg more & more tightly over time. The protocol updates different variables every “Season” (1 hour) to incentivize these different actions."


"The project’s inner workings were almost comically obscure. A white paper outlining its mechanics consists of 61 pages of graphs, charts and mathematical equations (as well as a quote from Alexander Hamilton’s letters)."


"“The number of Pods that grow from 1 Sown Bean is determined by the Temperature — the Beanstalk-native interest rate — at the time of Sowing,” reads one passage from a guide to the platform called the Farmers’ Almanac."


"From an individual participant’s standpoint, Convert allows peg maintenance to become a profit-maximizing activity, so in the instance where the Bean supply is in short-term excess (i.e., P < 1), the yield maximizing behavior for a Silo Member is to Convert LP to Beans, thereby increasing the price of Bean. Similarly, in the instance where there is a short-term shortage of Beans, (i.e., P > 1), the yield maximizing behavior for a Silo Member is to Convert Beans to LP, thereby decreasing the price of Bean. Another way of saying that is that those who perform peg maintenance are the same people who most participate in the growth of Beanstalk."


"Beanstalk’s smart contracts were audited by the blockchain security firm Omniscia." "Omniscia had audited BIP-7, which was the governance system."


"It's worth clarifying—Beanstalk is not designed for Beans to always be worth a dollar and makes no such guarantee. Beanstalk is not in the business of keeping the price as close to a dollar as possible, and I would argue that in general, that isn't a meaningful indicator of what makes a stablecoin sound in the first place (UST was very stable until it wasn't; paid market makers only go so far)."


"Beanstalk is instead designed to oscillate the price of Bean above and below a dollar as often as possible. A subtle but important difference. There is never any guarantee that the system is 100% safe. Beanstalk makes no promises about stability. Beanstalk will almost certainly have large deviations from its peg in the future, and it welcomes volatility by design."


"To their surprise, Beanstalk became an overnight sensation, attracting crypto speculators who viewed it as an exciting contribution to the experimental field of decentralized finance, or DeFi." "BIP-12 & BIP-16 were the BIPs introduced that allowed for BEAN3CRV-f and BEANLUSD-f LP tokens as being depositable into the protocol’s silo strategies. These 2 BIPs introduced new LP assets for flash loans."


"[A] hacker exploited a flaw in Beanstalk’s design to steal more than $180 million from users, one of a series of thefts this year targeting DeFi ventures." "[H]ackers stole $182 million (roughly Rs. 1,389 crore) from Beanstalk Farms, an Ethereum-based stablecoin protocol." "Beanstalk’s collective governance was ultimately its undoing. In April, a hacker borrowed $1 billion of cryptocurrency from another DeFi project, Aave. The transaction was a so-called flash loan — a lightning-fast process in which a crypto user borrows funds without posting any collateral, makes a trade and then immediately pays back the loan, keeping any profits generated from the series of near-simultaneous exchanges."


"Firstly, on April 16th, 2022, at 08:38:56 AM +UTC, an unknown Ethereum address swapped 73 ETH for 212,858 BEAN on Uniswap v2" "[T]he exploiter initially withdrew funds from TornadoCash, which they were then able to bridge over via the Synapse Bridge."


"Secondly, approximately nine minutes later, the same address deposited the 212,858 BEAN into the Beanstalk Silo." "Thirdly, since a proportionate amount of Stalk is immediately generated upon a whitelisted asset deposit, this Silo deposit allowed the address to propose Beanstalk Improvement Proposals (BIP) 18 and 19." "BIP-18 was committed by [the] malicious actor as part of the Beanstalk governance exploit on April 17, 2022." "Beanstalk DAO was exploited and drained of over $75 million on Easter Sunday, April 17, 2022, a little before 12:30PM UTC."


"BIP-18 was originally left blank, and BIP-19 (exploiter named it InitBip18, we’ll get to that later) contained a verified contract that proposed a $250k donation to the Ukraine wallet address, as well as $10k to the proposer."


"Approximately 24h after proposing BIP-18 and 19, the exploiter initiated a flash loan attack on Beanstalk." "As seen above, the exploiter flashloaned approximately $1B from Aave in DAI, USDC, BEAN, and LUSD which they promptly converted into 3CRV." "The 3CRV was used to supply one-sided liquidity to the BEAN:3CRV and BEAN:3LUSD liquidity pools on Curve. This allowed the exploiter to receive massive amounts of the aforementioned BEAN3CRV-f and BEAN3LUSD-f which are both whitelisted assets in the Beanstalk Silo."


"These assets were then deposited in the Beanstalk Silo which caused the exploiter to immediately receive a proportionate amount of Stalk and Seed a.k.a Beanstalk governance/voting power. Since LP token assets generate the most Stalk and Seed yield per asset deposited, the exploiter generated approximately 70% of all outstanding Stalk in existence." "Having 70% of all Stalk effectively gave the exploiter a 2/3 supermajority vote, which they used to execute the emergencyCommit() function on BIP-18."


"Once a BIP is proposed, it requires a minimum of 7 days of voting time before being executed on-chain. This is supposed to act as a pseudo-timelock mechanism to allow proper time to verify the safety of the proposal." "However, the emergencyCommit() function allows a proposal to be immediately executed on-chain following a waiting period of 1 day as opposed to 7." "There is one caveat: the emergencyCommit() function, or any emergency governance action, can only be executed by an address that owns >67% of all outstanding Stalk a.k.a a 2/3 supermajority vote."


"When you make a BIP you specify a contract address and a function to run if the BIP passes. After 24 hours, if 2/3 vote in favor, you can immediately pass the vote." "The code that Mr. Weintraub and his partners had designed did not have a mechanism to stop someone from using a flash loan to take over the platform. So the hacker used the $1 billion to claim a huge stake in the Beanstalk DAO, taking total control of the software’s governance. Then the hacker transferred everyone’s funds — a total of nearly $200 million — out of the Beanstalk system."


"[T]he Beanstalk contract on the Ethereum mainnet was exploited via a previously-unknown issue with Beanstalk’s governance process. The Beanstalk Farms team was immediately alerted and took action to temporarily shut off protocol governance and pause Beanstalk. Approximately $77M was stolen from the protocol’s liquidity pools. The team has since burned the remaining Beans in the exploiter contract."


"The perpetrator used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled." "[T]he attacker took out a flash loan on lending platform Aave, which was used to amass a large amount of Beanstalk’s native governance token, stalk. With the voting power granted by these stalk tokens, the attacker was able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet."


"Flash loans complete in a single block, so the $BEAN that was loaned was actually non-existent. But the loan allowed the exploiter to inflate his holdings and get a supermajority of $STALK, to push through the BIP, before the loan closed."


"The morning of the hack, Mr. Weintraub, 24, was home for Passover in Montclair, N.J. He walked into his parents’ bedroom."


“Wake up,” he said. “Beanstalk is dead.”


Panic ensued. “I lost $1 million today,” one Beanstalk user declared on YouTube. “It happened through beans.” "I woke up this morning and it's been like a crazy 16 hours. I've been on calls all day, talking to people, trying to figure [this] out." "I mean, I'll be okay, you know." "[M]y pods harvested, umm, I siloed them, and I didn't withdraw them. And so I had it for 3 days. Umm, and I had other assets in the silo, before my pods harvested. And then Beans got hacked. It got exploited, and the hacker ran away with, I don't know, 80 mill, no, a hundred. I don't know. Maybe a hundred mill."


"I hope, you know, the plan is that I look at this video, 1 year from now and I'm like "Dude, you made it, you made it through this. And it was okay." Because that's the main thing. Is like... You know, today, look, I woke up, and, my phone was screaming at me. And I realized that I lost a fucking million dollars, and I was like "holy [moly]", like, you know. My brain, processing it, you know, just waking up."


"Umm... But then my brain, you know, kind of went like "Look, go work out." And, I don't know, there's a lot of thoughts that I have here, but like, just, you know, I'll always be able to work out. I'll always be able to eat good food. I have friends, I have shelter. Like, I'm okay." "It's tough, but, umm, we'll be okay you guys."


"According to PeckShield, the attacker laundered all stolen funds through Tornado Cash, which enables users to send and receive crypto while obfuscating its source." "The attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet, according to PeckShield."


"Some users suspected that Mr. Weintraub and the other founders were behind the attack — a classic “rug pull” in which a team of developers flees with investors’ funds."


"@BeanstalkFarms has been exploited. I personally lost 25% of my net worth. Definitely over invested this time. What's more frustrating, I know many people who invested because of me and my content. There aren't proper words to express how sorry I am."


“The pitchforks were out,” Mr. Weintraub said. “It felt like death.”


"The market for Beanstalk’s BEAN stablecoin collapsed as a result of the attack. At press time, the token was down 86% from its $1 peg, according to CoinGecko."


"Beanstalk DAO was audited by Omniscia, but the exploit allegedly went through code introduced with governance proposals after the audit was done." "Omniscia had released press earlier in the day saying the cause of the exploit was introduced with BIP-12 and BIP-16." "[T]he audit was completed before the introduction of the flash loan vulnerability, the firm said in a Sunday post-mortem." "Omniscia is keen to point out that this attack fell outside the scope of their audit, however their report does include commentary on the governance contract." "Beanstalk said that the code that was exploited was the BIP-7 code and covered in the Omniscia audit."


"The core flaw that led to the exploit manifesting is that the two new LP assets introduced for the project’s Silo system could be created via a flash-loan (as they represented LP units) and their Bean-Denominated-Value (BDV) calculation remained unaffected by the flash-loan in contrast to the Uniswap LP BDV calculator." "We believe there is a need to educate and inform non-technical market participants about the status, scope and limitations of technical audits. Our team is currently working on multiple initiatives aimed at demystifying audits." "Going forward, we will make sure to stress to our clients that iterative updates should at all times be fully audited and communicated to Omniscia prior to deployment."


"The problem here is that the audit was completed only 15 days before the exploit and they passed a governance system that, in their words, “allows the caller to circumvent the usual lifecycles of a proposal and immediately execute it”; “The voting system of Beanstalk by design permitted votes to be cast retroactively on any active BIPs”."


"Beanstalk [initially] declined to provide details to CoinDesk regarding whether funds would be reimbursed to users, saying more news will be coming in a town hall event scheduled for Sunday."


"In the wake of yesterday's attack, Beanstalk Farms makes the following offer to the Exploiter:" "If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you." "We have sent the Exploiter an On-Chain Message."


"Hey! We received 250k usdc from your stolen funds. Unlike Russian soldiers in Ukraine, we do not take other people's possessions. Please verify your account on http://kuna.io and we will return the funds. Slava Ukraine!" "Beanstalk Farms would like to thank the honorable people of Ukraine for offering to return the portion of Beanstalk’s stolen funds that were sent to Kuna Exchange."


"Presumably to avoid suspicion of an inside-job, Publius, the anon behind the protocol, took the decision to reveal their identity as a group of three in a statement published to Discord." "Ultimately, [Ben] and the other founders decided to continue the project. They reported the theft to the F.B.I. and held calls with Beanstalk enthusiasts to find a path forward. In an April post on the chat forum Discord, they also revealed their identities for the first time. It was a risky move: Even though the project wasn’t a traditional business, they could be vulnerable to lawsuits from users or regulatory scrutiny."


"Beanstalk devs had a community call the night of the hack and self-doxxed to the community. During the call they answered questions about what happened and what they were looking at going forward."


"So... Uhh... You know... It's a very humbling set of circumstances that have gotten us to this point in time. Uhhh... You know, we've lost the voice modifiers obviously. Uhhh... We think it's in the best interest of beanstalk moving forward for us to disclose who we are. We hope that doesn't become the focus here. But in the, in the, spirit of honesty and transparency, you know, we don't want a, like a... We don't want any, th-there to be any sort of ambiguity about whether we were involved in any way in attacking the protocol, which we were not."


"So, we're gonna disclose who we are and then, kind of, talk about what happened, and then, open up the floor and try to talk about next steps. So, umm, you know, my name is Benjamin Weintraub. Uhhh... I'm one of three people, uhhh, that we- you guys know us as Publius. Uhhh... the, my, my two other friends, uhh, Brendan Sanderson and Michael Montoya, uhh, we are who you have previously known as Publius. Uhhh... We are the individuals who created Beanstalk. And, you know, it-it, we're sorry to introduce ourselves to you guys in-in-in these circumstances. Umm..."


"Despite our commitment to decentralization and really trying to have Beanstalk... uhh... not have a head, in any capacity, and really just, run by itself, uhh... we've decided to disclose our identities bec-because of what's happened over the past days. So... uhh... you know, mmm-heh it is what it is. Umm... it's important that we say explicitly - we had nothing to do with the recent attack on Beanstalk whatsoever. We had no, uhh, involvement with, we have no prior knowledge of, uhh, any-anything having to do with the attack whatsoever. Umm... we don't know who did it. Uhh... at the moment, uhh, like all other investors in Beanstalk, uhh, we lost a significant amount of money, uhh, this morning, when the hack occurred, and, uhh, you know, it's it's very much too bad that this has happened. Umm, so, the, as soon as we learned of the attack we immediately reached out to the FBI. Uhh, they have not reached back out to us. But we informed the FBI's Internet crime center. Uhh... for about what happened. And, you know, we intend to fully cooperate with with the FBI to try to track down the perpetrators and, if it's at all possible, to try to recover any of the funds, uhh, that were stolen, uhh, in this attack."


"VC-funding, shared losses, giving spots in the pod line, and even Tetranode-funding were brought up in ways to re-fund the protocol and compensate users. Olympus DAO Protocol has links to Beanstalk and were also mentioned to help with liquidity." "“Everything is on the table” according to the devs; it all depends on how they can attract liquidity. Estimate it will be a month at the earliest before any restart."


"NEW YORK, June 2, 2022 /PRNewswire/ -- Beanstalk, a decentralized credit-based stablecoin protocol, formally announces "The Barn Raise", a fundraiser to restore $77M of liquidity stolen from the protocol during a recent governance exploit and further recapitalize pre-exploit participants. "The Barn Raise" will begin June 6 at 12 p.m. ET and will last until all 'Fertilizer' tokens (Barn Raise tokens which will serve as certification of participation) are sold."


"Since the attack, the Beanstalk community has demonstrated incredible support for the project and provided numerous thoughtful ideas for a suitable path forward. The Beanstalk Farms team has taken these ideas into consideration and developed a proposal with four primary goals in mind: securing the enduring success of Beanstalk's economic model; attracting sufficient capital to restart Beanstalk; preserving as much of each Farmer's Stalk, Seed and Pod positions as possible; and aligning new capital with previous Stalk and Pod holders."


"Over the last few months, the Beanstalk DAO has worked to restart the project, recruiting blockchain analysis firms to help track down the lost crypto. The group also hired Halborn, the security firm, which is reviewing the code to eliminate any vulnerabilities. Beanstalk officially reopened last month."


"Announcing the Barn Raise: a 10-day public fundraiser starting on 5/2 at Noon ET to restore Beanstalk’s liquidity and resume the protocol." "We’re holding a 60 minute AMA Town Hall with @isthispublius at 9 PM ET/ 6 PM PT to discuss the Barn Raise."


"BFP-66: Hire Halborn to Perform Audit has passed with 99.82% of voting Stalk. To ensure that Beanstalk’s code is as secure as possible, Beanstalk has scheduled an end-to-end audit by Halborn beginning May 9."


"Beanstalk Farms now offers bounty to any individual or group who is able to identify the attacker and help us recover the withdrawn funds, with 10% of amount recovered as a result of their actions, shared equally among all eligible recipients, should there be more than one."


“We did it once in just 8 months, we can do it again in 3.” "Beanstalk Farms is still hard at work despite the setback last Sunday and is excited to see how the next couple weeks play out." "BFP-67: Barn Raise Proposal has passed with 100% of the 58M Stalk that voted approving the Barn Raise, a public ten-day fundraiser beginning May 2." "Beanstalk Farms proposes using the remaining 300,000 USDC as a discretionary operating budget to support Beanstalk on The Path Forward." "Beanstalk Farms proposes changing the start date of the Barn Raise from Monday, May 2 at 4pm UTC to Monday, May 9 at 4pm UTC as conversations with capital sources continue to develop."


"BFP-69: Start Date Change for the Barn Raise has passed with 68.5% of the 45M Stalk that voted approving the start date change for the Barn Raise to be May 9 instead of May 2." "BFP-70: The Path Forward, OTC Terms and Timeline has passed with 95.3% of the 34.6M Stalk that voted approving the OTC terms and postponing the Barn Raise." "Beanstalk Farms proposes The Barn Raise to start June 6 with a new structure. While OTC conversations are still in the works, this proposal provides the opportunity for everyone to participate. Vote on the Snapshot below and stay tuned for more details."


"BFP-71: The Path Forward, Barn Raise Structure and Timing has passed with 100% of the 25M Stalk that voted approving the start date and updated structure for the Barn Raise." "With BFP-71 passing, the Barn Raise [finally began] Monday, June 6 at 4:00pm UTC and end[ed] on Monday June 27 at 4:00pm UTC or until all NFTs are sold." "BFP-72: With this proposal, the Barn Raise extends until all $77M is raised, even through the Unpause. All Beans, BDV, Stalk and Seeds subject to vesting schedule, and no longer face a haircut." "Over $5.5M of Fertilizer sold in the first hour of the Barn Raise."


"After losing close to $182 million in a governance hack and being on a four-month sabbatical, Beanstalk stablecoin protocol is finally back after receiving a unanimous thumbs-up from the community." "This is a historic moment, beanstalk has so many possibilities and holds so much promise in solving our economic, and societal limitations. We pray for its much success."


"An enormous thanks is due to everyone who has supported Beanstalk since its inception, and in particular during the time since the attack. The outstanding community of thoughtful and cooperative Farmers are responsible for instilling light in the protocol during its darkest day and played a central role in the development of this proposal."


"Such comeback efforts are increasingly common in crypto." “We’ve always been so transparent with the community that this is an experiment,” Mr. Weintraub said. “We’re all figuring this out together.”


"The stolen funds remain missing."

Beanstalk Finance is a decentralized credit-based stablecoin protocol launched in August 2021 by anonymous developers. The stablecoin was governed by a smart contract that allowed holders of the "stalk" token to propose and vote on new proposals. Fortunately for a certain attacker, the cost of acquiring the vast majority of the "stalk" token (for the duration of a single transaction) was lower than the value of the treasury, and their "blank cheque" proposal to generously donate all of the funds to themselves passed with a strong majority of the community behind it.


The initial proposals were submitted as BIP (Bean Improvement Proposal) 18 and 19, of which BIP-18 was effectively empty (to be determined) and BIP-19 proposed donating funds to Ukraine. There was a special clause in the governance called emergencyCommit, which allowed a proposal to pass after a single day if a supermajority (>67%) could be obtained. Of course, one way to achieve a supermajority is to hold 67% of the stalk tokens yourself at the moment the vote is counted. Therefore, with the "support" of the majority of the community, the proposal passed.


In the end, the anonymous developers decided they no longer wanted to be anonymous and moved forward in a more transparent manner with their community. They discussed various ideas with the community and ultimately conducted a "barn raise" to recover much of the value which had been lost, using market incentives to successfully restore the peg to $1. The present market cap of Beanstalk does not appear to have fully recovered, but it appears healthy and the community is still strong and active.

HOW COULD THIS HAVE BEEN PREVENTED?

The primary issue was trusting a complex on-chain governance mechanism with direct control of the treasury, as opposed to a simpler multi-signature setup. There was no human oversight to prevent the transfer of funds, no insurance in place in case anything went wrong, and the governance protocol had been audited by only a single smart contract auditing firm.


The specific flaws in the governance protocol were that proposals could be submitted by outsiders with limited reputation or history in the community; that a BIP could be committed as soon as its voting period ended, with no separate timelock in which the proposal's code could be validated before execution; and that the cost of acquiring enough stalk governance tokens to pass a vote was substantially lower than the value which could be withdrawn from the treasury through a proposal.
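The governance weakness described above, as an added model written for this page (it is not Beanstalk's own code): the Silo, Proposal and Governance classes, the emergencyCommit stand-in and the Stalk amounts are all simplified and constructed. It contrasts counting a voter's current Stalk balance with counting only Stalk that already existed before the current block, and it schedules a passed proposal behind a timelock instead of executing it in the same transaction.

```python
# Added example (not Beanstalk's own code): a toy model of the governance weakness this
# page describes and of the deposit-age check as one mitigation. Class and function
# names are simplified stand-ins, and the Stalk amounts are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

SUPERMAJORITY = 2 / 3   # emergencyCommit needs more than 2/3 of all outstanding Stalk (per the page)
EMERGENCY_DELAY = 1     # blocks; stand-in for the 1-day emergency waiting period
TIMELOCK = 2            # blocks between a passed commit and execution (assumed mitigation)


@dataclass
class Silo:
    """Whitelisted deposits mint Stalk immediately, which is what made same-block voting possible."""
    block: int = 0
    deposits: Dict[str, List[Tuple[int, float]]] = field(default_factory=dict)

    def deposit(self, addr: str, stalk: float) -> None:
        self.deposits.setdefault(addr, []).append((self.block, stalk))

    def stalk_now(self, addr: str) -> float:
        # Weak accounting: every deposit counts, including ones made in the current block.
        return sum(s for _, s in self.deposits.get(addr, []))

    def stalk_aged(self, addr: str) -> float:
        # Hardened accounting: only Stalk that existed before the current block has voting
        # power, so Stalk minted and unwound inside a single flash-loan transaction is worth 0.
        return sum(s for b, s in self.deposits.get(addr, []) if b < self.block)

    def total(self, power: Callable[[str], float]) -> float:
        return sum(power(a) for a in self.deposits)


@dataclass
class Proposal:
    proposer: str
    proposed_block: int
    executes_at: int = -1   # stays -1 until a successful commit schedules execution


class Governance:
    def __init__(self, silo: Silo, count_aged_stalk_only: bool) -> None:
        self.silo = silo
        self.power = silo.stalk_aged if count_aged_stalk_only else silo.stalk_now

    def propose(self, addr: str) -> Proposal:
        if self.silo.stalk_now(addr) <= 0:
            raise ValueError("proposer holds no Stalk")
        return Proposal(addr, self.silo.block)

    def emergency_commit(self, addr: str, p: Proposal) -> bool:
        """True if the supermajority check passes. A passing commit only schedules the
        proposal TIMELOCK blocks out instead of running its code in the same transaction."""
        if self.silo.block < p.proposed_block + EMERGENCY_DELAY:
            return False
        total = self.silo.total(self.power)
        if total <= 0 or self.power(addr) / total <= SUPERMAJORITY:
            return False
        p.executes_at = self.silo.block + TIMELOCK
        return True


def same_block_commit_passes(count_aged_stalk_only: bool) -> bool:
    """Deposit a transient, flash-loan-sized amount and call emergencyCommit in the same
    block, under the weak (False) or hardened (True) accounting rule."""
    silo = Silo()
    gov = Governance(silo, count_aged_stalk_only)
    silo.deposit("farmer_a", 600.0)      # constructed long-standing Stalk holders
    silo.deposit("farmer_b", 400.0)
    silo.block = 1
    silo.deposit("proposer", 20.0)       # ordinary-sized deposit, enough to propose
    prop = gov.propose("proposer")
    silo.block = 2                       # the emergency waiting period has elapsed
    silo.deposit("proposer", 5000.0)     # Stalk that exists only for this one block
    return gov.emergency_commit("proposer", prop)


if __name__ == "__main__":
    print("current-balance accounting lets the commit pass:", same_block_commit_passes(False))  # True
    print("aged-Stalk accounting lets the commit pass:     ", same_block_commit_passes(True))   # False
```

The deposit-age rule is only one of several possible fixes; snapshotting voting power at proposal time or requiring a multi-signature approval before treasury transfers, as the prevention section suggests, address the same root cause.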


Most protocols that have been attacked have had a single audit or less, while there has only been one minor loss on a contract with three auditors. It has been our framework that smart contracts should undergo 2 audits prior to launch, and a third audit after 6 months, which would have almost certainly uncovered the governance limitations. We also believe that the DeFi/exchange space ought to have an industry insurance fund which can step in when events warrant it, which would have greatly assisted in speeding up the recovery in this situation, were it still possible.

