Beanstalk Farms loses $182 million due to a DeFi governance scam

Depricated as of Oct 2022

Some CRYPKYP functionalities are depricated as of October 2022 and will no longer be populated until further development and future version.
Although all here is visible and interactable you can not Contribute to those articles.
Try looking at other information on the Platform and Contributing there!

Have a great day,

Beanstalk Farms loses $182 million due to a DeFi governance scam

Beanstalk Farms loses $182 million due to a DeFi governance scam
1650263116 18 Apr / 06:25

The stablecoin protocol's governance proposal mechanism was abused by unscrupulous actors, allowing them to withdraw all $182 million in collateral.

Beanstalk Farms, a credit-based stablecoin platform, lost its entire $182 million collateral due to a security vulnerability triggered by two malicious governance proposals and a flash loan assault.

The difficulty for the protocol was precipitated by the exploiter's dubious governance proposals BIP-18 and BIP-19, which were issued on Saturday and requested that the protocol give monies to Ukraine. Nevertheless, according to smart contract auditor BlockSec, these proposals included a malicious add-on that eventually led to the protocol's cash disappearing.

This most recent security compromise of a system for decentralized finance (DeFi) occurred at 12:24 UTC. At that moment, the exploiter obtained $1 billion in flash loans denominated in DAI (DAI), USD Coin (USDC), and Tether (USDT) stablecoins from the Aave (AAVE) protocol. They utilized this money to amass sufficient assets to assume control of 67 percent of the protocol’s governance and accept their proposals.

A flash loan must be completed and repaid inside a single block and typically requires the simultaneous execution of many smart contracts. In the past, flash loans were used to accomplish hacks or security attacks against other protocols. Beanstalk Farms is an Ethereum-based decentralized algorithmic stablecoin issuance platform.

Technically, this scenario was not a hack because the smart contracts and governance mechanisms worked as intended. Their design flaws were exploited, as project spokesperson “Publius” admitted at a Monday meeting when he stated:

“It’s sad that the governance system that placed beanstalk in a position to prosper eventually led to its downfall.”

Sunday at 12:41 UTC, the blockchain security analysis firm PeckShield alerted the Beanstalk team through Twitter that there may be a concern with the alarming message. “Hello @beanstalkFarms, you might want to have a look at this.”

At that time, it was already too late. According to PeckShield, the exploiter had already stolen around $80 million in Ether (ETH) and Beans (BEAN), while the entire protocol lost $182 million in total value locked (TVL). According to CoinGecko, BEAN is presently trading 83 percent lower at $0.17, while the exploiter dumped their tokens for $0.06.

The exploiter exchanged BEAN for ETH before sending the money to Tornado Cash to conceal their digital footprint. In addition, they contributed a total of 250,000 USDC to the Ukraine Crypto Donation wallet.

At 11:49 UTC on April 17, Publius commented that the project is likely lost due to a lack of venture capital funding, adding, “We are screwed.”

On April 18 at a team and community meeting on the Beanstalk Discord channel, Publius doxxed the three developers of the project. They are Benjamin Weintraub, Brendan Sanderson, and Michael Montoya, and they founded Beanstalk Farms while attending the University of Chicago together.

Montoya stated that the team had contacted the Federal Bureau of Investigation (FBI) Crime Center and would “completely cooperate with them to hunt down the offenders and retrieve the stolen monies.”

The team has halted all smart contracts and canceled all governance powers for the protocol.

The team did not react to Cointelegraph’s question on whether they feel the FBI has legal recourse to assist them, but Publius believes this theft should be probed.

Despite their enormous personal losses, the Beanstalk community has mostly supported the crew throughout this difficult time. Astrabean, a community member, argues that the team should take greater responsibility for the assault, rather than accepting it as an honest error that the project must move on from. He remarked, “I would have liked for you as leaders to accept responsibility for what occurred.”

CharlieP, a community member, reiterated the same reservations regarding the protocol’s credibility. He asked the group, “Are you claiming you have no responsibility for this endeavor?” Who can we believe this won’t happen again if this is the case?”

Publius answered that the project is only an experiment using open-source technology and not a company, and neither he nor the team should be held responsible for what transpired. He added,

It is quite improper to urge us to assume responsibility.

Last News and Media
CRYPKYP contain links to third-party websites, resources, and advertisers. CRYPKYP does not control, sponsor, recommend or otherwise accept responsibility for any third-party content because we are not responsible for the availability of these outside resources or their contents or privacy practices. It will help if you direct any concerns regarding any third-party content to such a third party. We don't accept responsibility for the content of external websites linked to through the Site or the Services. Third-party content is accessed at the user's own risk. CRYPKYP distributes content from third-party publishers as indicated on the site from time to time mainly in Airdrops, News / Media, Whale Alerts, and Rumors. In these circumstances, CRYPKYP only provides limited stylistic input to the content. CRYPKYP does not verify and takes no responsibility for the accuracy of the content provided by any such third-party publishers.