The stablecoin protocol Beanstalk has suffered a hack where 182 million USD got stolen. Here’s how the devs plan to rescue the project.
76 million USD in liquidity lost
On April 17, Beanstalk suffered an exploit that netted the attacker a total of 182 million USD. That includes 76 million USD in assets not related to Beanstalk, which were used to give the protocol’s stablecoin (BEAN) liquidity.
Apparently, a flash loan exploit allowed the attacker to create and pass a governance proposal that would send all the funds held in the Beanstalk treasury to his address. Following the attack, three members of the dev team behind Beanstalk, known as Publius, doxxed themselves to indicate their honesty and intention to try and recover the funds.
So far, Beanstalk has reached out to the FBI, but has not gotten a response yet. Via Twitter, they have offered the attacker a clean getaway for returning 90% of the stolen funds to the treasury.
The path for(k)ward
On Monday, the dev team known as Publius revealed plans to recover the protocol in the event the attacker does not return the funds. This entails redeploying the Beanstalk smart contracts to create a forked state of the protocol from a point before the exploit.
Still, Beanstalk needs to raise 76 million USD to recover the lost liquidity. Conveniently, the protocol has a built-in method to raise funds, which has already been tested successfully in the past. In contrast to other decentralized stablecoins, Beanstalk is based on credit, rather than collateral.
Whenever BEAN trades below its USD-peg, the protocol buys back BEAN in exchange for IOUs called Pods. The plan foresees to set up a new line of pods that mature faster than the ones already issued to attract investors who bail the project out. Should this not be sufficient to raise 76 million USD, a haircut for the existing Pod holders might become necessary.
Current BEAN token likely dead
As Beanstalk lost all of its liquidity, the BEAN price became de-pegged quickly after the exploit. At the time of writing, it trades for just 5.5 US cents. This begs the question if it is worth buying BEAN now and hoping for a restoration of the peg.
According to the devs, this is most likely not the case. Unless the hacker does indeed return the stolen funds, there probably won’t be a way around redeploying all of the smart contracts, making the current BEAN token worthless.