Beanstalk Farms offers plea deal to perpetrators of $76M exploit

Beanstalk Farms, a credit-based stablecoin protocol exploited for around $76 million in crypto on April 18, has offered a bounty of 10% if the attackers return the funds.

The offer was posted on the company’s Twitter and sent to the attackers via an on-chain message the following day. It proposed that the exploiters return 90 percent of the stolen funds to the Beanstalk Farms’ multi-sig wallet.

In return, the exploiters will be allowed to keep the remaining 10 percent as a whitehat bounty — a deal offered by platforms to reward individuals for reporting security exploits and vulnerabilities.

As reported by Cointelegraph, the $76 million exploit, which was initially thought to be around $182 million, was not considered a hack as the smart contracts and governance procedures used to carry out the transfer had functioned as designed.

If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you.

— Beanstalk Farms (@BeanstalkFarms) April 18, 2022

During a podcast on Monday, Beanstalk founders, including Benjamin Weintraub, Brendan Sanderson and Michael Montoya, admitted that flaws in its design “ultimately led to its undoing.” A statement on Tuesday affirmed that a previously-unknown issue with Beanstalk’s governance process was the mechanism used for the exploit.

Related: Beanstalk Farms loses $182M in DeFi governance exploit

The Tuesday statement also added that it temporarily shut off protocol governance and paused Beanstalk while it prepared a strategy to re-launch with a path forward.

Spokesperson Weintraub returned to the podcast on Tuesday, discussing a path forward for the company, which includes some sort of fundraising.

“Let’s start with what’s the problem. Beanstalk had something like $76 million stolen from it yesterday. Now it needs to recoup as much of that money as possible. It doesn’t need to recoup all of that money.”

Weintraub floated a number of possibilities to raise the required funds should the exploiter fail to return the funds, such as offering a newly created token or slashing the its users’ token holdings, known as Pods, Stalk and Beans. Pods, Stalk and Beans are the ERC-20 tokens used to power the credit-based stablecoin protocol.

However, Weintraub admits that the specific structure to raise the capital is still “very much in the air,” but remained upbeat about the protocol’s survivability.

“From our perspective, Beanstalk isn’t going anywhere. Beanstalk Farms isn’t going anywhere. The real question is how much of the $76 million Beanstalk is able to crowdsource. This isn’t the worst place to be in guys.”