TechScape: How a cryptocurrency project lost $180m to a get-rich-quick scheme – The Guardian
In this week’s newsletter: Beanstalk held hundreds of millions of dollars’ worth of stable assets – until one lone attacker quickly, maybe even legally, bankrupted the scheme in minutes
Here is a very illegal, totally ineffective get-rich-quick scheme:
1. Borrow a billion dollars for a day.
2. Buy 51% of the shares of a small bank.
3. Hold a vote amongst the bank’s shareholders to send all the money in the bank’s vaults to you, which you win, because you own 51% of the shares of the bank.
4. Sell your shares in the bank.
5. Pay back your billion dollar loan.
The scheme is illegal because, well, almost all the individual steps are themselves illegal. A board vote cannot simply transfer corporate assets to a majority shareholder, that would be embezzlement, a crime; a bank cannot transfer assets in its vault as it sees fit, because then it wouldn’t meet reserve requirements, a crime.
And it’s ineffective to boot: you would find it tricky to borrow a billion dollars, buy up all your shares in the bank, and hold a vote amongst the bank’s shareholders to take the bank’s reserves before the bank’s customers discovered your scheme and raced to be the first to withdraw their assets.
Here is a maybe legal, definitely effective get-rich-quick scheme:
1. Do the same thing, but in crypto.
From our story:
The Beanstalk cryptocurrency has been stripped of reserves valued at more than $180m (£138m) in seconds, after an attacker used borrowed money to snap up enough voting rights to transfer the money away.
A still-unidentified attacker had borrowed $80m in cryptocurrency and deposited it in the project’s silo, gaining enough voting rights in exchange to be able to pass any proposal instantly. With that power, they voted to transfer the contents of the treasury to themselves, then returned the voting rights, withdrew their money, and repaid the loan – all in a matter of seconds.
Beanstalk was – is, technically, though the writing is on the wall – a stablecoin project, which aimed to create a cryptocurrency, Beans, that would permanently be worth $1. But the name is confusing: the best way to think of stablecoins is as the crypto world’s equivalent of banks. You hand a project assets, and they give you a promise that they will be preserved until you ask for them back. A bank tracks your deposits with it by giving you an account number, and a balance; a stablecoin does the same by giving you, well, stablecoins.
Most stablecoins tout their large reserves as a reason to trust them; the biggest, such as Tether and USDC, once very simply promised that every coin they issued was backed one to one by a dollar in their reserves (those claims have been watered down in recent years, and one of the ongoing disputes in the crypto space is whether they were ever true in the first place). Smaller stablecoins, like Beanstalk, tend to combine the banking aspect with what’s sometimes called a “honest Ponzi”: a promise to pay wild rates of interest, clearly and openly funded from new inflows of capital.
All of which is to say that Beanstalk held hundreds of millions of dollars worth of digital assets as reserves to back a stablecoin that was supposed to permanently be worth $1. Until it didn’t.
Over the weekend, an attacker took advantage of a “flash loan” to seize control of Beanstalk for seconds. Flash loans are something only possible in the crypto space: a loan which is paid back the same instant it’s made. What’s the advantage? Well, say you’ve spotted a way to buy a digital asset for $5 and sell it for $6 – then you can, in one seamless transaction, borrow $5m, execute the trade to make $6m, return $5m and profit for $1m. The lender takes no risk – because the loan literally cannot be made without being repaid – and collects a small fee for the practice.
In Beanstalk’s case, the trade wasn’t such a clean arbitrage. It was, effectively, the get-rich-quick scheme I described. The attacker used the loan to buy up voting rights in the “decentralised autonomous organisation” (you’ll remember those from January) that controls Beanstalk. It then passed an emergency resolution to take all the money Beanstalk held, with enough votes – more than two thirds – that it took effect immediately. It sold the rights, returned the loan, and began the process of laundering the proceeds.
To be fair to Beanstalk, the attack wasn’t quite as open – and stupid – as the get-rich-quick scheme sounds. There was subterfuge involved: proposals needed to be submitted 24 hours beforehand, so the actual proposal wasn’t as simple as “give me all your money”; on the surface, it looks more like a proposal to donate $250,000 to Ukraine, with a single line serving to trigger a flurry of extra contracts that drained the coffers.
But nonetheless, by the rules of the crypto world, it’s not entirely clear what wrongdoing was committed. The attacker acquired voting rights in a way explicitly allowed by the code of the project, voted for a proposal explicitly allowed by the code of the project, and took money in a way explicitly allowed by the code of the project. Any of these things could have been tweaked: you could try and write a stablecoin, as many have, that prevents even the DAO that backs it from interfering with reserves; you could prevent flash loans from being used to acquire voting rights; you could prevent resolutions from being voted on until after they’ve been explicitly security checked and approved. Beanstalk … didn’t.
By the rules of the real world, there is almost certainly a crime here, although it’s not easy to identify which one. Maybe fraud? Probably you cannot hand someone computer code that says in quite clear English that it is a proposal to donate $250,000 to Ukraine but which actually donates $180m to you, and then when they run it, say “haha suckers” and not get in some sort of legal trouble. But the deeper you get into the crypto sector, the less the rules of the real world apply. In the real world, you also cannot start a wildcat bank that mints its own currency to pay double digit interest rates out of customer funds.
In the last day, the founders of Beanstalk have laid out a four point plan to recover from the heist, detailing their goals of raising more reserves, making whole those who were invested in the project before the attack, and “securing the enduring success of Beanstalk’s economic model”. Best of luck to them, but I think their initial response, on the day of the attack, might be more true: “Honestly not sure what to type. We are fucked … It is highly unlikely there is any sort of bailout coming.”
If you want to read the complete version of the newsletter please subscribe to receive TechScape in your inbox every Wednesday.