Beanstalk Farms Offers a Whitehat Bounty to Hacker who Stole $76M in Crypto
On April 18, Beanstalk Farms, a credit-based stablecoin platform that suffered a hack of about $76 million in Crypto, promised a 10% bounty if the attackers reimbursed the cash.
Hackers Can Keep $7.6M
The attack was instigated via a flash loan attack whereby the perpetrators secured a loan via Aave’s lending platform. They were able to authorize a fraudulent proposal by acquiring a strong voting power to bypass the 2/3 majority rule.
The offer was made public via the company’s Twitter account and forwarded to the perpetrators the next day via an on-chain message. According to the request, the exploiters would be required to give back 90% of the stolen funds to Beanstalk Farms’ multi-signature wallet.
In exchange, the exploiters will be able to keep the remaining 10% as a whitehat bounty, which is a contract made by platforms to compensate those who report security exploits and flaws.
As initially reported by Crypto.news, the $76 million attacks were not considered a hack as the governance protocols and smart contracts used to finalize the transfer worked as intended. The stolen funds were originally estimated to be worth about $182 million.
Beanstalk Services Suspended
Beanstalk co-founders Benjamin Weintraub, Brendan Sanderson, and Michael Montoya revealed in a podcast on Monday that design problems “ultimately contributed to its downfall.” According to a statement released on Tuesday, the exploit was carried out using a previously undiscovered flaw in Beanstalk’s governance process.
The statement also outlined that Beanstalk’s protocol regime and services have been suspended while the founders work on a relaunch strategy. The firm’s spokesperson, Weintraub, revealed that they were rolling out the company’s future plans and that they were also considering fundraisers.
Publius, a Discord team member, believed that the hack would ultimately lead to the demise of Beanstalk Farms. Weintraub, however, is convinced otherwise.
Even though the specific framework for generating capital is still “very much up in the air,” Weintraub remains optimistic about the protocol’s long-term viability.
Will the Hacker Return the Funds?
While the deal may entice the hacker, it looks to be the founders’ final attempt to reclaim the monies, as they have already claimed that they lack the finances to reimburse their subscribers. Another alternative presented by the founders is to supply a newly produced token or reduce the number of tokens held by users, but these are still just ideas.
Whether or not the hacker will return the funds is up to them and their intention for stealing the funds. It’s believed that part of the funds stolen from Beanstalk were gifted to the war-griefed Ukraine. In August last year, the hacker behind one of the most significant crypto heists returned about half of the $600M stolen assets.
Crypto has several weak spots, and hackers are pouncing. However, DeFi projects and cryptocurrencies hacks aren’t always fatal. Axie Infinity founder Sky Mavis announced a $150 million financing round led by Binance shortly after the attack.