Beanstalk Farms is struggling to recover from an attack that not only highlighted simple flaws in its system but also drained all protocol assets.

On Sunday, blockchain analytics company PeckShield alerted the decentralized finance (DeFi) platform to an Etherscan record showing suspicious transaction activity. Beanstalk then confirmed the attack on Twitter on Sunday and stated that an investigation into the nearly $80 million loss of “non-beanstalk user assets” was ongoing. Through a series of social media posts, public statements and conference calls this week, Beanstalk’s founders have revealed just how damaging the attack was.

It forced the formerly anonymous owners to reveal their identities, to offer an ethical hacker bounty to the attacker and to pause the entire DeFi system with no restart date in sight. The revelations about the attack also raised questions about the design of Beanstalk’s platform, its security posture and who is in charge of the company.

During a sprawling, three-plus hour “Beanstalk Exploit Town Hall” on Discord Sunday evening, the founders, who previously operated under the alias “Publius,” revealed their identities as Benjamin Weintraub, Brendan Sanderson and Michael Montoya. The trio attended the University of Chicago together prior to founding the Ethereum-based DeFi protocol.

To kick off the town hall meeting on Sunday, Weintraub said the founders revealed their identities to dispel any notion that they were involved in the attack. He reiterated that sentiment many times, in addition to stating their commitment that Beanstalk would “not have a head in any capacity” and would essentially run on its own.

“It’s important to acknowledge that we aren’t in charge and have never positioned ourselves as in charge of Beanstalk,” Weintraub said.

Regardless of Beanstalk’s management structure, the platform remains down with no immediate plan to resume. Weintraub chalked that up to an “economics problem” given that there is no money in the liquidity pools. Just days earlier, the company boasted on Twitter that it had $130 million in liquidity and a $95 million market cap.

Just days before a massive hack drained all its funds, Beanstalk Farms announced it had $130 million in liquidity.

While Weintraub said the founders contacted the FBI’s Internet Crime Center following the attack, they have not heard back.

Flash loan failure

Beanstalk, along with blockchain security vendors Omniscia and CertiK, provided insight into how the attacker made off with all the beans. While a vulnerability made the attack possible, there were flaws in the stablecoin protocol that led to its success.

In a blog post Tuesday, Beanstalk said “the perpetrator used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled.”

Flash loans are transactions that allow DeFi members to borrow and return funds in an instant without any collateral. “The term ‘flash loan’ refers to a loan, usually of significant proportion, that is repaid in the same execution flow it is acquired,” Omniscia CEO Yvan Nasr told SearchSecurity in an email. “As a result, the loan in traditional terms is opened and closed at the same second, hence the term ‘flash.’ This is possible because multiple actions in an Ethereum based blockchain can be bundled into the same transaction.”

Monier Jalal, vice president of marketing at CertiK, said flash loans are a new invention in the DeFi market that were first introduced in January of 2020 and “can be …….
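As an added illustration (not Beanstalk’s code and not a reconstruction of the attacker’s transaction), the toy Python model below shows why a governance vote weighted by token balances read at the moment of voting can be swayed inside a single borrow-vote-repay execution flow, and why one common mitigation, weighting votes from a balance snapshot taken when the proposal was opened, closes that path. All holder names, balances and the quorum rule are constructed for the example.

```python
# Toy model of flash-loan-weighted governance voting (constructed example).
# The "pool" holder stands in for any large lendable balance; the borrower
# holds a small stake. Transfers conserve total supply, so the loan itself
# never changes the quorum denominator, only who appears to hold the tokens.

class GovernanceToken:
    def __init__(self, balances):
        self.balances = dict(balances)          # holder -> balance

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


class Governance:
    """A proposal passes once votes exceed a quorum fraction of supply."""
    def __init__(self, token, quorum=0.5, use_snapshot=False):
        self.token, self.quorum, self.use_snapshot = token, quorum, use_snapshot
        self.snapshot, self.votes = None, {}

    def propose(self):
        # Snapshot mode fixes every voter's weight at proposal time, before
        # any later transaction (flash loan included) can inflate a balance.
        self.snapshot = dict(self.token.balances) if self.use_snapshot else None
        self.votes = {}

    def weight(self, voter):
        src = self.snapshot if self.use_snapshot else self.token.balances
        return src.get(voter, 0)

    def vote(self, voter):
        self.votes[voter] = self.weight(voter)

    def passes(self):
        total = sum(self.token.balances.values())
        return sum(self.votes.values()) > self.quorum * total


def flash_loan_vote(gov, token, lender, borrower, amount):
    """Borrow, vote, repay: three steps in one execution flow, no collateral."""
    token.transfer(lender, borrower, amount)      # loan opened
    gov.vote(borrower)                            # weight read at this instant
    token.transfer(borrower, lender, amount)      # loan closed, same flow
    return gov.passes()


def simulate(use_snapshot):
    token = GovernanceToken({"pool": 900, "holder": 90, "borrower": 10})
    gov = Governance(token, quorum=0.5, use_snapshot=use_snapshot)
    gov.propose()
    return flash_loan_vote(gov, token, "pool", "borrower", 900)
```

With live balances the borrowed 900 tokens carry the vote past quorum even though they are returned in the same flow; with the snapshot the borrower's weight stays at the 10 tokens held when the proposal opened.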
