Beanstalk Farms

Once-hacked for $77M, Beanstalk’s algo stablecoin protocol relaunches

Beanstalk Farms' stablecoin protocol was relaunched on Aug. 6, with the team hoping to reclaim the $100 million market cap its BEAN stablecoin held prior to the hack in April.

Ethereum-based algorithmic stablecoin project Beanstalk Farms has relaunched its protocol just under four months after going offline following a devastating $77 million governance exploit.

The protocol and its governance have been paused since April following the governance exploit and flash loan attack, but were relaunched as of Aug. 6 in an event called the “Replant.”

In an announcement shared with Cointelegraph, Beanstalk said it has come out of the ordeal stronger than ever, likely in reference to the protocol's governance and security.

“Beanstalk has come out on the other end of this ordeal stronger than ever. It is a testament to the creditworthiness of the protocol and its potential to help realize a permissionless future,” said Publius, the developer group behind the BEAN stablecoin and protocol.

Publius stated that it has now moved protocol governance to a community-run multisig wallet until “a secure on-chain governance mechanism can be implemented.”

The team also stated that it has completed two protocol audits from “top-notch smart contract auditing firms” in Trail of Bits and Halborn.

The spokesperson also highlighted that new application development on the network is already in the works, with the Root Protocol announcing a $9 million seed round on July 26 to develop financial, commerce, and sports betting marketplaces on Beanstalk.

The project has a long way to climb before it matches the metrics it hit before the hack. In mid-April, Beanstalk’s algo-stablecoin BEAN topped a market cap of $100 million; at the time of writing, however, the figure stands at just $284,426, with the asset far off the $1 peg at $0.0039, according to data from CoinGecko.

The project has also had limited success clawing back the funds stolen in the April exploit. As of Jun. 5, the project raised $10 million via a fundraiser to restore the stolen funds.

Long-term sustainability

However, as the jury is still out on algorithmically backed stablecoins, it remains to be seen how sustainable BEAN will be long-term. Publius highlighted this uncertainty back in June, noting:

“At present, it is unclear whether Beanstalk is good enough to sustain itself in perpetuity. There still remain some inefficiencies in the model. However, Beanstalk is likely good enough to continue to sustain itself in the short term.”

“The thing about a system like Beanstalk is that it works until it doesn’t. You can never actually know if it works, only that it has worked so far. So much uncertainty is scary, particularly without a clear definition of success,” Publius added.

Many projects have come up with various ways to get around collateral requirements and centralization problems associated with launching a scalable stablecoin.

Beanstalk’s variation relies on a decentralized credit facility, decentralized price oracle, and governance community to operate and hover around its intended $1 peg.


Beanstalk Farms loses $182M in DeFi governance exploit

The stablecoin protocol saw its own governance proposal system exploited, enabling the malicious actors to extract all of its $182 million in collateral.

Credit-based stablecoin protocol Beanstalk Farms lost all of its $182 million collateral from a security breach caused by two sinister governance proposals and a flash loan attack.

The problem for the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, issued on April 16 by the exploiter, which asked the protocol to donate funds to Ukraine. However, those proposals had a malicious rider attached to them, which ultimately created a sinkhole for the protocol's funds, according to smart contract auditor BlockSec.

This latest security breach of a decentralized finance (DeFi) protocol took place at 12:24 pm UTC. At that time, the exploiter took out $1 billion in flash loans from the AAVE (AAVE) protocol denominated in DAI (DAI), USD Coin (USDC), and Tether (USDT) stablecoins. They used these funds to accumulate enough assets to take over 67% of the protocol’s governance and approve their own proposals.

A flash loan must be executed and repaid within a single block and usually calls on several smart contracts at once to complete. Flash loans have been used in the past to perform hacks or security exploits of other protocols. Beanstalk Farms is a decentralized algorithmic stablecoin issuing platform on Ethereum.

This case was technically not a hack as the smart contracts and governance procedures functioned as designed. Flaws in their design were exploited, which project spokesperson “Publius” acknowledged in a meeting on April 18th when he said:

“It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing.”
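The design weakness described above, voting weight read from balances at the moment of the vote, can be modelled next to the usual hardening of weighing votes by a snapshot taken before the proposal existed. This is an added illustration, not Beanstalk's contract code: the `Governance` class, the holder names, the stake amounts and the two-thirds threshold are constructed assumptions.

```python
from fractions import Fraction

THRESHOLD = Fraction(2, 3)  # assumed supermajority, mirroring the article's 67% figure


class Governance:
    """Toy stake-weighted governance that records balances per block."""

    def __init__(self, balances, snapshot_voting):
        self.block = 1
        self.history = {1: dict(balances)}  # block number -> {holder: stake}
        self.snapshot_voting = snapshot_voting
        self.proposed_at = None

    def mine(self):
        """Close the current block and carry balances into the next one."""
        self.history[self.block + 1] = dict(self.history[self.block])
        self.block += 1

    def move_stake(self, holder, delta):
        # Deposit (positive delta) or withdraw (negative delta) in this block.
        live = self.history[self.block]
        live[holder] = live.get(holder, 0) + delta

    def propose(self):
        self.proposed_at = self.block

    def can_execute(self, voter):
        # Weak: weigh the voter by stake held at the moment of the call.
        # Hardened: weigh by the closed block preceding the proposal.
        block = self.proposed_at - 1 if self.snapshot_voting else self.block
        stakes = self.history[block]
        return Fraction(stakes.get(voter, 0), sum(stakes.values())) >= THRESHOLD


def same_block_borrow_and_vote(snapshot_voting):
    """Constructed scenario: stake is borrowed and returned inside one block."""
    gov = Governance({"alice": 600, "bob": 400}, snapshot_voting)
    gov.mine()
    gov.propose()                      # proposal created in block 2
    gov.mine()                         # block 3: execution becomes possible
    gov.move_stake("borrower", 3000)   # borrowed stake arrives
    passed = gov.can_execute("borrower")
    gov.move_stake("borrower", -3000)  # and is repaid before the block closes
    return passed


if __name__ == "__main__":
    print(same_block_borrow_and_vote(False), same_block_borrow_and_vote(True))
```

Because a flash loan has to be repaid within a single block, borrowed stake can never appear in a snapshot of an earlier, closed block, while a holder whose stake predates the proposal keeps full voting weight.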

Blockchain security analysis firm PeckShield notified the Beanstalk team via Twitter at 12:41 pm UTC on April 17 that there might be an issue, with the ominous statement: “Hi, @beanstalkFarms, you may want to take a look.”

At that point, it was too late. The exploiter had already made off with roughly $80 million in Ether (ETH) and Beans (BEAN), while the entire protocol lost its $182 million in total value locked (TVL), according to PeckShield. BEAN is currently down about 83%, trading at $0.17 according to CoinGecko, but troughed at $0.06 when the exploiter dumped their tokens.

The exploiter swapped BEAN for ETH and then sent the coins to Tornado Cash to cover their digital tracks. However, they also sent 250,000 USDC to the Ukraine Crypto Donation wallet.

At 11:49 pm UTC on April 17, Publius wrote that the project is likely lost since there is no venture capital backing to recoup losses, adding “We are f**ked.”

In a team and community meeting on the Beanstalk Discord channel on April 18, Publius doxxed the three individuals who developed the project. They are Benjamin Weintraub, Brendan Sanderson, and Michael Montoya, all of whom attended the University of Chicago together and conceived Beanstalk Farms. 

Montoya said that the team had reached out to the Federal Bureau of Investigation (FBI) Crime Center and would “fully cooperate with them to track down the perpetrators and recover funds.”

The protocol’s smart contracts have been paused and all governance privileges have been revoked by the team.

The team did not respond when Cointelegraph asked if they believe the FBI has any legal recourse to help them, but Publius believes this is definitely a theft that should be investigated.

Beanstalk’s community has been mostly supportive of the team during this trying time despite their own tremendous personal losses. However, community member “Astrabean” believes the team should be taking more responsibility for the attack rather than accepting what happened as an honest mistake that the project must move on from. He stated that “I would have wanted you as leaders to take accountability for what happened.”

Community member “CharlieP” echoed those concerns about trust in the protocol. He asked the team “Are you saying you have no responsibility for this endeavor? If that’s the case, who are we to trust that this is not going to happen again?”

Publius responded that the project is just an open-source code experiment, not a business and that neither he nor the team should be held accountable for what happened. He added,

“When you ask us to take responsibility, it’s really inappropriate.”
