Beanstalk DAO is a DeFi lender running on the Ethereum blockchain. It was raided just before 12:30 UTC on Sunday 17 April for 24,830 ETH.
Smart contracts are famously prone to hacks. But this wasn’t a hack at all — this was a corporate raid. Even the project concedes that everything worked according to the rules of the project.
The story of the Beanstalk raid is the end of a long chain of slapdash and incompetent financial engineering, by people who just found out why regulations evolved.
How Beanstalk worked
Beanstalk worked like an unlicensed bank paying interest, or perhaps an unlicensed investment contract. We don’t need rules in DeFi!
Beanstalk had an algorithmic stablecoin called BEAN. When BEAN went over $1, Beanstalk would mint fresh BEAN coins. When BEAN went under $1, the project would create incentives to exchange BEAN for one of Beanstalk’s several other tokens. [white paper; blog post; BowTied Island]
The financial engineering was elaborate — but ultimately pointless.
Beanstalk was offering interest on locked-in BEAN tokens on the order of 2,000% to 4,000% annual percentage rate. Those numbers are enough to tell you straight away that this is not a sustainable scheme.
Beanstalk offered depositors SILO, the Beanstalk governance token. If you had over 0.1% of all the SILO, you could make governance proposals in the Beanstalk DAO.
In regulated markets, we have laws and regulations on how you can take over a company and drain it. A private equity corporate raider can borrow money to take over a company, by issuing “junk bonds.”
A lot of people consider private equity raids odious — but they’re not illegal.
Beanstalk built a system to let someone do a private equity corporate raid on them with junk bonds, in ten seconds, by computer.
The raider issued a proposal to donate $250,000 in ether to Ukraine for the war effort. This was proposed as a smart contract on Ethereum. [Etherscan]
The code for the proposal included a donation to Ukraine — but also a routine for the raider to take all the funds.
The raider needed two-thirds of governance votes to pass the proposal. How to get this many votes?
A flash loan lets you borrow cryptos and return them as part of the same transaction. Beanstalk had recently introduced two new crypto-assets that could be created using a flash loan.
The raider took out a flash loan to buy lots of the governance token, put through the vote, and then returned the loaned funds in an instant.
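The governance weakness described above, as an added illustration that is not from the original article or from Beanstalk's code: a toy Python model comparing a vote weighed by live token balance with one weighed by a balance snapshot from an earlier block. The ledger, the names and the numbers are constructed, the snapshot rule is an assumed mitigation that the article does not discuss, and the loan is simplified to lending the governance token directly.

```python
from fractions import Fraction

THRESHOLD = Fraction(2, 3)  # two-thirds supermajority, as stated in the article

class Ledger:
    """Toy governance-token ledger that keeps balances per block (constructed model)."""
    def __init__(self, balances):
        self.block = 0
        self.history = {0: dict(balances)}

    def balances(self, block=None):
        return self.history[self.block if block is None else block]

    def mine(self):
        """Advance one block, carrying the current balances forward."""
        self.history[self.block + 1] = dict(self.balances())
        self.block += 1

    def transfer(self, src, dst, amount):
        b = self.balances()
        if b.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        b[src] -= amount
        b[dst] = b.get(dst, 0) + amount

def share(ledger, voter, block=None):
    b = ledger.balances(block)
    return Fraction(b.get(voter, 0), sum(b.values()))

def passes_live(ledger, voter):
    """Weak rule: voting power is the balance at the moment the vote executes."""
    return share(ledger, voter) >= THRESHOLD

def passes_snapshot(ledger, voter, snapshot_block):
    """Assumed mitigation: voting power is the balance at an earlier snapshot block."""
    return share(ledger, voter, snapshot_block) >= THRESHOLD

def flash_loan_vote(ledger, voter, pool, amount, rule):
    """Borrow, evaluate the vote, repay: all within one block (one transaction)."""
    ledger.transfer(pool, voter, amount)
    try:
        return rule(ledger, voter)
    finally:
        ledger.transfer(voter, pool, amount)  # the loan is repaid in the same transaction

def demo():
    ledger = Ledger({"holders": 300, "pool": 700, "raider": 1})  # constructed numbers
    ledger.mine()  # proposal was submitted at block 0; the vote executes at block 1
    live = flash_loan_vote(ledger, "raider", "pool", 700, passes_live)
    snap = flash_loan_vote(ledger, "raider", "pool", 700, lambda l, v: passes_snapshot(l, v, 0))
    return live, snap
```

Under the live-balance rule the borrowed tokens count toward the supermajority for the instant they are held; under the snapshot rule the same borrowing changes nothing, because the balances that matter were fixed before the loan existed.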
The raider did, in fact, send some ETH to Ukraine. The rest, they put through the Tornado Cash mixer.
Beanstalk is probably screwed, and BEAN’s dollar peg has been broken utterly.
The Beanstalk project has gone to exchanges asking them to block the ether from the transaction — and even to the FBI. The project’s anonymous founder, “Publius,” did not clarify to CoinTelegraph under just what law the FBI would have recourse to help them. [CoinTelegraph]
This was an outrageous shenanigan. But it’s not clear that it was any more illegal than the securities law violations that Beanstalk was already committing. The raider completely obeyed the project’s rules.
Publius said on the project Discord: “It’s unfortunate that the same governance procedure that put beanstalk in a position to succeed was ultimately its undoing.”
It’s also not absolutely clear that the raider had nothing to do with the project. The project founder is an anonymous person known only as “Publius.” Did the raider just duck in with a rugpull before the founders could?
Update: “Publius” revealed themselves: “I am Benjamin Weintraub, and I am here with Brendan Sanderson and Michael Montoya. We are Publius. We are the individuals who created Beanstalk.” They say they had no prior knowledge of the raid. [Crypto News]
This is what happens when crypto guys decide they don’t need regulations, and they’ll build corporate governance themselves from paperclips and string.
It turns out that rules, regulations, laws, and not having drastic things happen in ten seconds by computer can be a good idea in practice. Also, LOL.
I was also quoted in the Guardian about the raid. [The Guardian]