The Beanstalk heist, wherein a fraud was perpetrated using legal loopholes, shows we will constantly be playing catch-up now that the crypto-genie is out of the bottle
By Siddharth Pai
Last month, a crypto currency named Beanstalk was defrauded of more than $180 million (around Rs 1,400 crore). The attack used unusual tactics, in which the attacker used borrowed funds to accumulate the voting rights necessary to transfer all the money into his (or her) own account. The heist was reported in the New Indian Express on April 18.
Beanstalk (https://bean.money) describes itself as a “decentralised” asset that is also a “stable-coin”. Unlike other cryptocurrencies like Bitcoin that can gyrate wildly in value, stable-coins are pegged to a country’s fiat currency. In most cases, this is the US dollar, and the attempt is to keep the stable-coin’s value pegged as 1 stable-coin=$1. While Beanstalk itself is the network in which digital currency transfers occur, the blockchain system provides users with crypto-units called “beans”, which are the official tokens of the platform. Those making deposits on its network are referred to as “bean farmers,” tending to “fields” and their accounts or wallets are referred to as “silos”. Beanstalk effectively operated as a bank, letting savers called bean farmers make deposits of beans into a field, and using their savings to ensure that the value of a single bean stayed as close to $1 as possible.
For a stable-coin to work properly, it needs sufficient reserves to collateralise its coin. Broadly, there are three ways to collateralise a stable-coin. The first is to collateralise by fiat—this means the coins are backed by real assets in reserve; for every stable-coin, there should be the equivalent in real currency in assets. The second is to collateralise with cryptocurrency, although here, price volatility is still an issue. So, stable-coin providers try to solve this by “over-collateralisation”, for example, $1 of stable-coin is linked with $2 worth of crypto, to hedge the underlying crypto’s volatility. The aim is to create the benefits of decentralisation for stable-coins while the crypto-reserves absorb the impact of market volatility.
The third way, which is technically the most difficult, is to collateralise in a decentralised fashion. Here, stable-coins are not linked to any kind of reserve but instead use smart contracts to monitor price fluctuations, and programmes to issue and buy coins accordingly. By way of explanation, a smart contract is a decentralised application or computer programme that executes business logic in response to external events. Smart contract execution can result in the exchange of money, delivery of services or other types of transactions such as changing the name on a house’s ownership documents.
Some months ago, I wrote an invitation piece for The Financial Express on decentralised finance (or DeFi as it is commonly called in the tech industry), which allows apps to create financial instruments using underlying crypto currencies such as Bitcoin and Ethereum. The Bean Bank is itself a product of DeFi. The issue is that the DeFi space is largely unregulated, and in legal and financial terms, it is effectively the Wild West.
Apparently, some of Beanstalk’s bean farmers were encouraged to deposit cryptocurrencies such as Ether into a “silo” to build up the stable-coin’s reserves in exchange for voting rights over the operation of the organisation through a DAO or “Decentralised Autonomous Organisation”. The point of DAOs is to act like a company in the crypto world—one which is controlled directly by its shareholders with no governance structures such as a board and/or executive management.
Last month, one DAO vote resulted in the bank’s entire silo being transferred out of it, in one go. The attacker had borrowed $80 million in cryptocurrency and deposited it in the DAO project’s silo, gaining enough voting rights in the DAO to be able to instantly pass any proposal at the “Bean Bank”. With that power, the attacker voted to transfer the contents of the treasury to him/herself, then returned the voting rights in the process of withdrawing the money, and subsequently repaid the loan. All this in a matter of seconds.
The attacker took advantage of a “flash loan” to seize control. Flash loans are only possible in the crypto space—they are loans that are paid back instantly. Their advantage is for persons who have spotted arbitrage opportunities in digital assets. If you spot the opportunity to sell a digital asset at, say, $11 and buy it for $10—then you can borrow $100 million, execute the trade to make $110 million, return the original $100 million and keep the profit of $10million—all in one transaction. The lender takes no risk—because the loan literally cannot be made without being repaid—and collects a small fee for the service. While flash loans were obviously designed for trading on arbitrage opportunities, they became an unwitting accomplice in the defrauding of a digital bank.
In the real world, and in sequence, this would mean taking a loan to buy out 51% of the bank’s voting shares (legal), using the voting rights to transfer money to yourself (illegal—a board member with majority rights simply can’t vote to transfer all a firm’s asset to him/herself), sell your shares in the bank (legal) and pay back your loan (legal). To add to the illegality, no bank can vote to transfer out all its assets— it would be in violation of all sorts of banking laws. And of course, the equivalent of a DAO in the real world would also be illegal.
The problem? Well, the attacker used legal means to conduct the attack. Buying the voting rights in the DAO was legal, and the flash loan was also legal.
It seems to me that we will constantly be playing catch-up now that the crypto-genie is out of the bottle.
The author is Technology consultant and venture capitalist; By invitation