How $181M Worth of Internet Beans Were Stolen
How Beanstalk Protocol works and the decentralized finance tactics used to exploit it
Sometimes reality is stranger than fiction. This morning, around $181 million of internet beans, a cryptocurrency which sought to inevitably replace the US dollar, was stolen from its digital vaults. There have been many crazy internet events in recent history, but in my mind this stands out as one of the strangest. Crypto as an industry is evolving very rapidly, and stories like this go to show how far we’ve come. But what are Beans, and how was a bad actor able to successfully steal tens of millions of dollars, and even then do so anonymously? First, we must understand what the Beanstalk Protocol sought to do and how decentralized programmatic finance, DeFi, was able to be exploited.
Beanstalk Protocol
The price of a Bean, a new form of currency invented by the Beanstalk Protocol, is equivalent to one US dollar. In the real world we can be sure that a dollar is worth a dollar because the US government says so, but in the crypto world no one has that privilege of authority. Beanstalk sought to be a programmatic stablecoin, one worth a US dollar, not because a trusted authority said so, but because the currency itself would be programmatically stabilized at that price based on its supply and demand.
The most crucial feature necessary for the success of Beanstalk was the promise to make its financial backers incredibly rich. At its core, Beanstalk uses ponzi dynamics to convince backers to stake real dollars to ensure Beanstalk’s economic success. As an investor in Beanstalk, one buys Beans, usually worth a little above $1, and “plants” them within Beanstalk’s virtual land, effectively programmatically loaning money to the protocol. Every hour, or “Season” in bean world, these Beans grow into Stalks, which by existing themselves create more Beans, which brings the market value of a Bean back down to $1. Then the cycle repeats.
If you deposited money early within the protocol’s tenure, this meant that your deposit in the Beanstalk Protocol may have increased something like 20-fold. For example, a computer science student may have deposited some of their summer internship savings, five thousand dollars, into the protocol. Over the course of a few months the money, or beans, compound. As of yesterday they would be sitting on one hundred thousand dollars worth of Bean tokens, more wealth than many people see in their entire life, which they could then have converted back into U.S. dollars through a crypto exchange. Today, the Beanstalk Protocol is compromised, the value of $BEAN is nothing, and their stake is worthless.
The Exploit
How did this happen? The short answer is that the Beanstalk Protocol is programmatically governed by holders of beans, and on April 17th an anonymous bad actor took out a loan of around five hundred million dollars of beans and made a malicious majority vote to drain Beanstalk’s treasury. From there they laundered the money through a separate token protocol, effectively bringing home $75 million in untraceable dollars through this hack.
Cryptocurrency engineers are still figuring out exactly how this exploit happened, but the technical details are insane and display the full capability of the complex new financial instruments of DeFi in action.
One may ask: how does someone just anonymously borrow $500 million? The answer boils down to a new concept created in DeFi called flash loans. Transaction history gets finalized on a blockchain in “blocks”, which usually last several hours. A flash loan is a loan that gets safely created and paid off in a single block. Because transaction history is only finalized at the end of block creation, if someone borrows money they don’t pay off, then the originator of the loan doesn’t have to acknowledge the loan as valid, and all the subsequent transactions the borrower has made are invalidated. In this case, the flash loan from the bad actor was used to hack Beanstalk’s treasury, and the funds stolen were used to pay off the loan. At the end of all of the financial math, the bad actor came away with a profit of $75 million.
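An added example, not from the original article or from Beanstalk's own code: a simplified Python model of token-weighted voting that compares vote weight read from the live balance with weight read from a snapshot taken one block before the vote. The holder names, amounts and block numbers are constructed, and the live-balance rule in the first case is an assumption of the model.

```python
from bisect import bisect_right


class Token:
    """Ledger that checkpoints each holder's balance by block number."""

    def __init__(self):
        self.block = 0
        self.history = {}  # holder -> [(block, balance), ...] in block order

    def balance_at(self, holder, block):
        cps = self.history.get(holder, [])
        i = bisect_right(cps, (block, float("inf")))  # last checkpoint <= block
        return cps[i - 1][1] if i else 0

    def credit(self, holder, amount):
        new = self.balance_at(holder, self.block) + amount
        if new < 0:
            raise ValueError("insufficient balance")
        cps = self.history.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, new)  # same block: overwrite the checkpoint
        else:
            cps.append((self.block, new))

    def transfer(self, src, dst, amount):
        self.credit(src, -amount)
        self.credit(dst, amount)


def vote_share(token, voter, holders, snapshot_block=None):
    """Voter's fraction of total weight, live or as of an earlier block."""
    block = token.block if snapshot_block is None else snapshot_block
    total = sum(token.balance_at(h, block) for h in holders)
    return token.balance_at(voter, block) / total if total else 0.0


def flash_loan_vote(use_snapshot):
    """Borrow, vote and repay inside one block (constructed scenario)."""
    token = Token()
    holders = ["alice", "bob", "lender", "borrower"]
    for holder, amount in [("alice", 60), ("bob", 40), ("lender", 500)]:
        token.credit(holder, amount)
    token.block = 10  # the vote happens in block 10; the snapshot is block 9
    token.transfer("lender", "borrower", 500)  # loan drawn
    share = vote_share(token, "borrower", holders, 9 if use_snapshot else None)
    token.transfer("borrower", "lender", 500)  # loan repaid in the same block
    return share, token.balance_at("borrower", token.block)
```

With live balances the borrowed tokens carry 500 of 600 votes even though the borrower ends the block holding nothing; with the snapshot they carry none.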
Looking Forward
Today, $181 million worth of beans were stolen in internet land. Cryptocurrency is still the wild wild west, and everyone who invested in Beanstalk, as a cryptocurrency investor, assumes the risk of these types of investments. At the end of the day, the Beanstalk Protocol was an innovation in finance, and the ones that built it deserve recognition for creating something special. Who knows, maybe there will be a way to retrieve the stolen funds or make investors whole. It will still be very exciting to see where cryptocurrency goes, and how decentralized organizations like this will be run in the future.
Compared to flash loans, maybe a 2-3 day settlement time for ACH is not the worst thing in the world ;)