Skip to content
Naked Security Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Back when the Bitcoin protocol was invented, the idea was to build a simple global payment system that wasn’t (and couldn’t be) controlled by any central broker.

In other words, you wouldn’t need to apply to a private company for a credit card, or to get permission from a regulator to send cash abroad, or to risk having incoming payments confiscated by a corrupt bank or central government, or to negotiate a series of complex exchange rates determined by other people, or to wait for the companies at each end of the transaction to decide that it was time to let it go through.

You could simply and directly trade online with someone else who decided that the bicoinage you were offering was somehow worth what they were giving you in return.

For better or worse, however, cryptocurrency networks such as Bitcoin have largely devolved into investment schemes instead of payment systems.

People tend to trade in Bitcoin, as they might in stocks and shares, rather than trading with it, as they would with cash, a credit card, or (in the olden days) a chequebook.

De-Fi to the rescue

So, a new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void.

De-Fi systems don’t just aim to provide an algorithmic basis for digital currency, but instead to provide a fully-fleged alternative to the old-school, tightly regulated world of commercial banking.

Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a “smart contract” system that allows you trade automatically with other users of the system in a way to suit yourself.

In very simple terms: you write your financial contracts as a chunk of computer code, and the De-Fi system processes it to handle and disburse your income as you choose.

If you wanted, for example, you could code a smart contract that waited for a payment from X, then automatically divvied up the funds between you and two friends in the ratio 6:5:4, unless the money arrived after a certain date, in which case the ratio would be 7:6:2. (You might want to offer the third recipient an automated incentive for helping you to secure early payment.)

By using distributed ledgers known as a blockchains, a sort of community-operated bookkeeping venture where transactions are agreed and recorded by consensus, De-Fi services don’t need to be managed by a traditional organisation such as a government’s central bank or a global payment card behemoth.

What could possibly go wrong?

Unfortunately, as we’ve written on Naked Security several times before, there’s quite a lot that can go wrong when you entrust your hard-earned income to a decentralised and largely unregulated operator.

What if the De-Fi service you choose is actually just a bunch of smoke and mirrors, and the founders of the “business” intended all along simply to run off with your “investments”? What if the founders are incompetent? What if the hastily constructed websites on which the business is based are full of cybersecurity holes?

https://nakedsecurity.sophos.com/2021/08/11/hacker-grabs-600m-in-cryptocash-from-blockchain-company-poly-networks/

What if the underlying cryptographic protocols themselves, on which the De-Fi company’s smart contracts are based, contain exploitable loopholes?

This last problem is what seems to have sunk the De-Fi company Beanstalk over the Easter weekend, where a scammer was apparently able to pull off a transaction sequence that went something like this:

1. Propose an “emergency transaction” that included paying funds to the scammer, under the guise of donating $250,000 to a Ukraine relief appeal. (This special transaction would require a two-thirds majority vote by the community, based on the collateral held by each voter. As you’d imagine, this sort of proposal would be unlikely to get voted through by anyone except the scammy proposer, whom you wouldn’t expect be able to come up with the massive financial collateral needed to vote it through.)

2. Wait long enough for voting on the “emergency transaction” to be activated.

3a. Borrow close to $100m in cryptocurrency from elsewhere in order to achieve the supermajority necessary to outvote everyone else.
3b. Approve the “emergency transaction” using the suddenly-acquired supermajority powers, transferring everything from Beanstalk to scammer.
3c. Instantly repay the absurdly-sized loan used to take control of the voting process.

4. Push the bulk of the remaining cryptomoney through a coin-tumbling service and keep it.

Beanstalk, according to its own blog, has thereby lost about $76 million of other people’s money, just like that.

Obviously, given that hindsight gives you the benefit of 6/6 vision, the core of the the problem here is that the protocol permitted the processes listed above as 3a, 3b and 3c to be conducted as if they were a single transaction, thus allowing what the De-Fi sector refers to as a flash loan (one that’s borrowed and repaid in one go, as part of an indivisible operation) to be used to acquire momentary but total power over the cryptocurrency service.

We suspect that most readers will agree that this sidestepped the spirit, if not the letter, of the supermajority provision in the “emergency transaction” process that Beanstalk had put in place.

(Traditional banks typically use well-known protocols for “emergency” operations, such as opening vaults, that make it physically as well as technically difficult for one individual to act in place of several. Notably, these protocols are meant to make it unlikely that one person could pull off a solo megaheist without getting detected in time.)

Was it even a crime?

Nevertheless, as some observers have noted, the scammer in this case might not have broken any laws, depending on how you view legalistic phrases such as “unauthorised access”.

Beanstalk’s cryptocurrency token BEAN prided itself on being what’s known as a stablecoin, meaning that the system varied the way it rewarded buying into and cashing out of the service in order to maintain a real-world value of about $1, thus avoiding the inherent fluctuations that effectively turned Bitcoin from a trading currency into an investment service.

Sadly, despite managing quite well to maintain that stable $1 value point recently, BEAN tokens – those that are left with regular account holders, anyway – are now trading at just a few cents, according to Coingecko:

Dollar value and comparative trading volumes of BEAN tokens
in March/April 2022, according to Coingecko.

What to do?

An early reponse on social media by an alleged project spokeperson known as Publius expressed the desperation that everyone other than the scammer must have felt:

Honestly not sure what to type. We are f****d. This project has not had any venture backing, so it is highly unlikely there is any sort of bailout coming.

Beanstalk has tried the approach that seemed to work for De-Fi outfit Poly Networks last year, when a hacker made off with hundreds of millions due to a smart contract exploit: grovel politely, and ask for the money back.

The desperate Beanstalk operators sent a message via the ETHER blockchain to the scammer, whom they’ve dubbed The Exploiter, as follows:

496e207468652077616b65206f6620796573746572646179277320
61747461636b2c204265616e7374616c6b204661726d73206d616b
65732074686520666f6c6c6f77696e67206f6666657220746f2074
6865204578706c6f697465723a0a0a496620796f752077696c6c20
72657475726e20393025206f66207468652077697468647261776e
2066756e647320746f20746865204265616e7374616c6b20646570
6c6f796d656e742077616c6c657420307832314445313842364138
663738654465364431364335304131363766364232323244433038
4446372c204265616e7374616c6b2077696c6c2074726561742074
68652072656d61696e696e67203130252061732061205768697465
68617420626f756e74792070726f7065726c792070617961626c65
20746f20796f752e0a0a54686f7573616e6473206f6620696e6469
76696475616c732068617665206265656e206861726d656420616e
64207468697320697320616e206f70706f7274756e69747920746f
206d616b6520676f6f64206f6e2079657374657264617927732065
76656e74732e0a0a4265616e7374616c6b204661726d73

The message decodes as:

In the wake of yesterday's attack, Beanstalk Farms 
makes the following offer to the Exploiter:

If you will return 90% of the withdrawn funds to 
the Beanstalk deployment wallet 
0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, 
Beanstalk will treat the remaining 10% as a Whitehat 
bounty properly payable to you.

Thousands of individuals have been harmed and this 
is an opportunity to make good on yesterday's events.

Beanstalk Farms

Desperate times, it seems, call for desperate measures.

For all we know, the Exploiter might decide that it’s worth going for 10% of the “takings” paid in cryptocurrency wallets that the community may subsequently accept as lawfully obtained…

…or they might just decide to keep the lot, thus avoiding an apparent admission that the original heist was an “improper” payment” until it was retrospectively legitimised as a bug bounty.

Where do you stand on this heist and its response?

Was this a crime or simply a smart-but-legal trick?

Are retrospective bug bounties an acceptable last-ditch recovery tactic, or a copout?

Let us know in the comments below…


11 Comments

Theft by any other name is still theft. Whether it is called a super-majority voting right, a contracted agreement or a “legal” method for redistributing funds during an emergency. Without ownership rights defended by governments we will descend into chaos as a society.

” Push the bulk of the remaining cryptomoney” ? What remaining currency? You said that nobody would invest in that; much less 75 million? Sorry if I am being a dunce.

They transferred all the existing BEAN funds during their instant of power. There were no new investments paid in by other people that formed part of the scam.

I didn’t say “no one would invest”, I said that no one would be expected to vote for the weird proposal (“enrich me unilaterally!”) except the person who proposed it, so the supermajority rule should easily ensured that the proposal couldn’t possibly succeed.

Except that the proposer was able to give themselves a just-for-an-instant supermajority to vote on what was clearly a hopeless cause *back at the moment they proposed it*. So they were able to line up a giant “this-will-clearly-never-get-voted-through withdrawal” in advance, then sneakily approve and execute said “impossible” withdrawal, against all expectations, by simultaneously borrowing, presenting and returning the collateral needed to get the vote through.

So, some _other_ people _had_ put their money into the charity, thinking they had a modicum of say in the distribution. Not realizing that majority rule could be abused by a wealthy “donor”; even temporarily. I think I have seen this in politics somewhere.

There are philosophical theories regarding how social systems should work, and then there are the ways they actually work. Value protection and exchange is a social system. Crypto at the best is an implementation of a well intentioned theory, ( out of Russia ), an implementation for value exchange which does not allow for the resourcefulness and inclinations of social systems. At worst it is a straight up gamble and/or hustle without guardrails.

I think this should happen more often in order to serve as a lesson in where to keep your money.

The people who lost money in this entirely deserve to, the whole crypto enterprise is fuelled by nothing more than greed.

Most true statement I’ve read on crypto currency: “For better or worse, however, cryptocurrency networks such as Bitcoin have largely devolved into investment schemes instead of payment systems.”

The only good use of Blockchain for finance is to mange transfers between financial institutions, not as a currency itself.

I think the biggest crime here is that it seems no-one, upon reading about a potential cryptocurrency scam involving a company called “Beanstalk”, thought to crowbar the phrase “De-fi fo-fum…” into proceedings somehow. What’s wrong with people?

Fie on you! Next you’ll expect us to believe that “The Story of Jack Spriggins and the Enchanted Bean” wasn’t a documentary after all, but was in fact an 18th century children’s fairy tale.

Exploiting the rules and finding loopholes in a system that obviously should be fixed is essentially theft.
Unfortunately I’m pretty sure the person(s) behind this won’t be doing the right thing.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?