De-Fi-Fo-Fum - The story of Beanstalk and Theft by Governance
In the most bizarre cybercrime one has read about in recent times, Beanstalk Farm, a stablecoin protocol project based on Ethereum, had its reserves siphoned to the tune of $182 million.
The theft didn't occur by way of a phishing attack, nor any other break-and-enter tactic, but by turning the project's own governance to the offender's advantage.
Each Beanstalk token ($BEAN) gives its holder voting rights in the protocol's governance system.
Using a flash loan (an instant and often large cryptocurrency injection to be repaid in a short term), in this case one of $80 million, the unnamed offender purchased enough tokens to give themselves extensive voting power.
After gaining this voting power, the offender put forward two resolutions asking the protocol to donate funds to the Ukraine Crypto Fund, a payment to the tune of $250,000. However, within those resolutions were proposals to siphon further monies held in the protocol's reserve to a wallet owned by the offender.
Given the offender's voting power to pass the resolution, the funds were drawn almost instantly, the flash loan repaid and the reserves drained. They did send $250,000 to the Ukraine fund, a sliver of a silver lining perhaps?
An action that would have taken weeks in the world of corporate governance happened within a day in crypto land. Always be prepared for attacks on your projects; they really can come from anywhere.
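The mechanism described above, as an added toy model in Python (not from the original post and not Beanstalk's code): voting weight read from live balances lets tokens bought with a flash loan carry a vote inside one transaction, while weight read from a checkpoint of the previous block does not. The class and function names, the holder balances and the two-thirds threshold are assumptions made for illustration.

```python
# Toy model of token-weighted governance. All names and figures are constructed
# for illustration; this is not Beanstalk's contract logic.

class TokenGovernance:
    def __init__(self, balances, threshold, use_checkpoint):
        self.balances = dict(balances)      # holder -> voting tokens, live
        self.checkpoint = dict(balances)    # balances as of the previous block
        self.threshold = threshold          # assumed share of votes needed to pass
        self.use_checkpoint = use_checkpoint

    def end_block(self):
        # Record balances once the block is complete; a flash loan is borrowed
        # and repaid inside one transaction, so it never appears here.
        self.checkpoint = dict(self.balances)

    def vote_passes(self, voter):
        source = self.checkpoint if self.use_checkpoint else self.balances
        total = sum(source.values())
        return total > 0 and source.get(voter, 0) / total >= self.threshold


def flash_loan_vote(gov, borrower, loan_tokens):
    """One transaction: acquire tokens with borrowed funds, vote, unwind, repay."""
    gov.balances[borrower] = gov.balances.get(borrower, 0) + loan_tokens
    passed = gov.vote_passes(borrower)
    gov.balances[borrower] -= loan_tokens   # loan repaid before the block ends
    return passed


# Constructed sample data: long-term holders and a loan sized in the same units.
HOLDERS = {"alice": 25, "bob": 5}
LOAN = 80
THRESHOLD = 2 / 3   # assumption; the post does not state the passing threshold


def compare_designs():
    live = TokenGovernance(HOLDERS, THRESHOLD, use_checkpoint=False)
    snap = TokenGovernance(HOLDERS, THRESHOLD, use_checkpoint=True)
    return {
        "live_balance": flash_loan_vote(live, "borrower", LOAN),
        "checkpointed": flash_loan_vote(snap, "borrower", LOAN),
    }


if __name__ == "__main__":
    print(compare_designs())
```

A checkpoint only forces voting tokens to be held across a block boundary; a holder who keeps the same stake past `end_block()` still carries the vote, which is why governance designs usually pair it with a delay between a vote passing and its execution.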
#cybercrime #cryptocurrency