This is also known as "privatized profits", "socialized risks".
The same thing happened after the financial crash of 2008. Banks demanded to be bailed out because of the systemic risk to the American financial system. But when people started to demand that banks claw back the bonuses paid out, the banks said no. They claimed that would be government overreach.
They figured human nature would keep them safe. And that no one who could muster the capital to perform this action would want to, and anyone that would want to wouldn't be able to muster the capital.
Technically, the risk of borrowing that amount of money is high. As is the risk of investing that amount of money into one coin. They figured anyone that would even begin to attempt something like that would operate in good faith. No way they'd tank the coin, because they have so much skin in the game.
Well, that doesn't matter when you can take your skin and go home. Not to mention the skins of everyone else, wearing them Hannibal Lecter style.
No, it was expected that people with more skin in could decide to take any action they liked. Including, "take $182 million in reserves easily with a flash loan".
I have been thinking this for a while. This is being called an 'attack' and a 'hack' although it seems pretty clear the user(s, probably) just understood the code well. It doesnt seem any of the steps in execution would have been illicit otherwise.
This is the crux of the whole DeFi thing, and I strongly agree this was not a hack.
My whole problem with DeFi is Gödel's Incompleteness Theorem. Roughly, it states that any reasonably complex code is going to have outcomes that cannot be determined by reading the code. In this case:
* Started with currencies that didn't allow flash loans.
* Made a "we feel good about democracy of involvement" rule that supermajority could make any decisions with the funds "because we like people who invest in our work."
* They added two currencies that supported flash loans.
* Person or persons with currencies used flash loans to gain supermajority to transfer the funds out.
This is why banks are inefficient. There are (in theory) safeguards to transfers make it possible to stop or reverse activities. DeFi is forever going to be dealing with these issues after the fact.
Applying the incompleteness theorem wouldn't say that every piece of complex code has unpredictable outcomes, but that there exists some pieces of code that have unpredictable outcome.
Seems like in this case the outcomes were entirely predicted by the "attacker".
Incompletness Theorem states that any system/language with primitive recursive arithmetic is either incomplete (since there is a construction of an undecidable statement via self reference) or unsound (since that same undecidable statement would be in contradiction)
AFAIK but speculating every programming language has primitive recursive arithmetic.
You are probably better off going with a computability theorem (such as the halting problem) instead of incompleteness. However, I suspect both will get you to the same place. Namely, there exists a program whose behavior cannot be predicted.
There is no theory that says that there does not exist a program whose behavior can be predicted. We have just criminally underfunded research into formal verification; and somehow decided that even computationally limited, code is law programs handling millions of dollars don't need any type of formal verification
That it can produce contradictory results, if you have contradictions then at least one must be in error which means that following the language construction rules can produce erroneous results.
Yet another pseudoscientific application of Gödel’s incompleteness, which makes very specific guarantees about logical systems of a certain strength and their ability to prove theorems. I’ve no idea how you could twist it into what you suggest.
A "hack" is just attackers understanding the mechanism of the code better than the developers and doing things that the developers didn't intend to be possible.
it is if we're talking about binding ourselves to legal contracts that execute on the basis of the result of proof of work security instead of proof of stake and centralized-forking garbagecoins
The quality of HN posts on crypto is borderline - writing stuff like this pushes it off the edge towards flame wars and ‘All crypto is bad, just look at these flame wars’. Please try add more substance to posts, such as how PoW vs PoS has any impact on Code is Law (especially when Eth moves to PoS and Bitcoin becomes the last big PoW chain left, yet doesn’t have smart contracts).
When you willingly take financial action with a smart contract, you are agreeing to the smart contract. The smart contract is code. While code is not “law” literally, in this case it is the lawful contract definition. How else can you possibly interpret this?
A "smart contract" is merely a program. Manipulating a program or abusing it for your personal gains at the expense of others is often illegal.
If you're not into the cryptocurrency mess, this reads like regular old hacking. "If code is law and your code allows me to execute arbitrary SQL queries, then this SQL injection is perfectly legal" doesn't hold up in court. The FBI will not let you go because technically you only asked the remote server to execute your request.
It does invalidate the "code is law" concept, but in the real world, code isn't law.
Not even embezzlement. Everyone put skin in the game only on the condition that the stipulations laid out in the contracts were followed. One of the stipulations was that people with more money get the most say on what to do with all the money. This was an explicit stipulation, and I can't for the life of me understand why anyone would agree to put in their resources in under such conditions, but they did.
Looking at the Terms and Conditions as well as the contract, this goes under "A fool and her money". There was no embezzlement at all, this contract literally said people with more money can potentially vote to take all the money. Which is madness, but people agreed to it.
It would be buyung up majoruty, then voting to transfer all assets to self. In non-crypto world there are minority shareholder protections that cover even someone with a 1% stake against the other at 99%.
No, this is more like someone buying up 51% of the voting shares of a public company, and then using his voting power to transfer all of the company's assets into a shell corporation that he controls, screwing the minority shareholders.
Which is illegal, and will get you sued if you try it.
Isn't that because management of a company are required to act in the interests of all share holders? It seems like this kind of structure needs similar safeguards but I doubt that it actually does in any relevant jurisdictions at the moment.
Yeah but this case doesn’t involve any malicious code vulnerabilities.
Code is not law, but this “attack” isn’t abusing the code so much as the basic premise of what the code is designed to do. This is the intended agreement
> Manipulating a program or abusing it for your personal gains at the expense of others is often illegal.
Here's the challenge, though: it is impossible to definitively say whether the functionality of a program is intended behavior or not. For a classical server that gets "hacked", the code is running on a server that someone owns and access to that server is defined by the owner. Similarly, the maintainer of the code decides whether the behavior of the code was intentional or not.
On a blockchain, there is no single server, the code is being executed on many machines. And you can't trust any individual, the author of the contract got their chance to clearly describe the intention of the code when they wrote it. There is literally no way to determine whether the contract was used as intended, or exploited. You can't go ask the author because they can just lie. The code is all you have.
But that doesn't mean "code is law". Consensus is law. The blockchain can be forked, the transaction reversed, and the contract amended.
If a payment gateway’s API accidentally exposes a vulnerability that can be exploited without obtaining any credentials illicitly, does the same thing apply? Under your proposed definition, the vulnerability is “legal” to execute until it’s patched.
No, the same doesn't apply because the payment gateway probably has terms of service and specific laws protecting it. It's protected by those laws.
Cryptocurrencies claim to be something else. Something that isn't government by terms of service, laws, etc. How else could you create a worldwide decentralized currency without adopting a rule that code is law.
I think we’re actually in agreement here, then: a program deployed on a decentralized network has too many shortcomings to be used in lieu of a legal system, and also, its exploited vulnerabilities can’t be subject to existing laws.
My main objection is calling it law: if you’re scammed while purchasing illicit substances on a darknet marketplace, you have no legal recourse, but the marketplace’s rules can’t be called “law”, either.
> While code is not “law” literally, in this case it is the lawful contract definition.
No, it's not.
At best, there is some kind of implied-in-fact legal contract related to to the code in the “smart contract”.
“Code is law” is an aspirational slogan repeated by people who fetishize the former and oppose the latter, usually without understanding it (or either.)
>While code is not “law” literally, in this case it is the lawful contract definition. How else can you possibly interpret this?
You can have a contract that both parties thinks says one thing, but they each have something different in mind. That's a failure of mutual assent. You can have contracts where the thing which is contracted on becomes impossible. One party can misrepresent the contract, either deliberately or innocently. The contract can be agreed to under duress; or be so uneven in its obligations that is manifestly unconscionable.
To a greater or lesser extent, all these scenarios can give rise to rescission of contracts or their avoidance in courts of law. The idea that code is an unambiguous statement of the contract and therefore definitively legal and perfectly binding is nonsense.
You're talking about dumb contracts and off-chain legislative systems of a random country. That's not what we're talking about.
The question isn't, "once we get these people in a room, how do we (as a legislative body) decide who owns what and compel the parties into cooperating?" The question is, "these parties are assumed to retain perfect anonymity, and they operated according to the design of the consensus-based system that we (as miners) agree to; are we ok with the outcome? Should we come to a consensus on an adjustment to the design?"
Smart contracts are unambiguous by definition. What you're describing is PEBKAC at best.
How is it good public policy for contracts executed at gunpoint (for example, considering the duress case) to be considered good? Such contracts are not, to my knowledge, consider valid anywhere in the world and for obvious reason and need to be undone.
It doesn't matter whether the contract is unambiguously written if you sign it with a gun in your mouth.
There's no way to do this in code. You need a judicial system to make determinations on them based on facts. There is no "adjustment to the design" other than incorporating some kind of arbitrary undoing capability into smart contracts that defers to a legal oracle that consumes decisions of courts and applies them into the chain.
Maybe that's your question but people who have lost money are entitled (and should be entitled) to ask the other question and attempt to make it come to pass through trying to unmask the identity of the presumed anonymous actors and suing anyone who acted deceptively or negligently in the situation that led to an unexpected loss.
From the little I know of this case it seems likely that this should have been governed under securities law and all participants should have been kyc'd. If that didn't happen then it looks like someone was committing securities fraud.
The speed at which computers run is beyond human intuition and beyond the speed for humans to respond. A killer robot will kill everybody in range practically instantly. It would be nothing like what movies show.
Fortunately for us, you can't kill someone with a CPU cycle. You need to use a servo for that. Which, while quick, are far from instant, and will always be limited by basic physics like thermal management.
Urgh, yes, that's so annoying. Skynet drones won't pepper the ground behind the hero with bullets while flying low and slow, they'll land every shot on target in milliseconds, before any human even sensed there was a threat. And they won't have a standards-compliant USB port to take over control either.
The only real question is whether the machines think one bullet to the head is most efficient use of resources, one bullet per organ, or an equivalent mass of non-depleted (they don't care about radiation, the biosphere is not their problem) uranium to the target biomass.
Machines don't currently, in any form, do their own maintenance. A killer robot army would utterly dominate the battlefield until it broke down and ran out of consumables. It would then completely stop.
> Fully autonomous weapons are also a code is law problem.
In the same way that a serial killer is a “psychopath is law” problem.
The problem with both descriptions is that both use “law” to mean “something that happens and has consequences” rather than, well, law in any more specific sense.
yes this. Crypto bug bounties are way too small given the stakes. $30k and bragging rights is not as enticing as $30 + million instant. A bug that allows some possible code execution if a dozen improbable conditions are met would be worth disclosing for $30k, but the if you're talking tens of hundreds millions for the taking right now literally with a single tx, then you need to do better than that.
I'm somewhat sympathetic to this view but I don't think it's consistent. If your bank gets hacked due to a flaw in the code and millions get stolen, why would you not apply the same code is law principle?
Because the bank's relationship with its customers, central banks, and society as a whole, is codified in law and not in code. So if you find a legal loophole that's different from hacking the bank to get something the legal system doesn't entitle you to. When the code is the law, a hack is a loophole.
There seems to be an ongoing misimpression here that code is, in fact, law, as though our existing legal system doesn’t have something to say about that.
Because a bank's code is not the law. Banks handle actual money, for which there is a thousand year history of common law for settling disputes of ownership, debt, theft, collection practices, and insurance.
I think it is consistent, banks are built on legal frameworks. If you so chose to, and you were in certain countries, you could "hack" the legal system to steal the money yourself [1] and it would be perfectly 'legal'.
That’s a bit like saying that bank robbery proceeds should be considered the price of security consulting. You can’t just blithely wave away the spirit of the law and scienter as if it’s not a thing.
There's a reason why "do what thou wilt shall be the whole of the law" is not the guiding principle for Western society.
Yeah, except the biggest selling point of cryptocurrencies is that it's decentralized and above the law of any one government. The code is supposed to be law.
So the true spirit of cryptocurrencies is that if there's a flaw in the smart contract, it's okay to exploit it.
That doesn't seem to follow. If code is law, then what spirit is there to interpret? That was the intentional deviation from the scenario where we all understood that rules couldn't be perfect and that we must strive towards the spirit of the law.
That's the point. It isn't, except in some fantasy world that does not exist.
Let me put it this way: if you don’t think you could tell a judge this without getting laughed at, while you’re wearing an orange jumpsuit and ankle bracelets and chains, it’s probably not real.
You're going to point out where the code violates the law then, because it otherwise refers to normal agreements that get executed mechanically.
You might be getting hung up on a phrase, that while awkward, isn't the point of contention here.
As a society, we've been dealing with the problem of contractual errors for centuries. Even the best drafters make mistakes, and those errors have had to be remedied -- often through litigation -- to effectuate the parties' actual intent. Our courts have even voided fully-agreed contracts between parties to further the public interest.
I also can't help but wonder whether these sorts of activities would be prohibited conduct under the Computer Fraud and Abuse Act, 18 U.S.C. 1030(a)(4), as the elements seem to be met:
"[Whoever] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value" - where "authorized access" is liberally construed to mean the intent of the author of the mechanism in question.
A similar thing happened with an Ethereum smart contract that was exploited several years ago. The "code is law" principle didn't apply there either, since the developers forked the Ethereum block chain and reversed the offending smart contract transactions. The original Ethereum chain still exists today (known as Ethereum Classic) but it's not worth nearly as much as the forked Eth chain is.
Code is law as law of nature. Not government laws.
Code I Laws just means that if code was executed in the way it was intended to work and you don't like it you don't revert your blockchain. You keep blockchain as is, because it's nature of blockchain. But you're free to go to the law enforcement guys, courts, whatever, to enforce government laws if you think they were broken.
Nature is decentralized. But if you car was burglarized, which is perfectly fine under laws of nature and the glass physics, you still call the centralized police.
Except whole promise of the crypto-anarchists, decentralized autonomous organizations, tornado, etc, etc was to break free from the tyranny of government. Then when shit invariably hits the fan, they run to the FBI complaining about how they got robbed. The features that support money laundering and tax avoidance mechanisms that underpin the vast majority of actual money flowing through the crypto space are in direct conflict with the gov organizations that we are talking about here, so it's not like these things can coexist together in the buckets of "natural law" vs "government law".
Okay, I guess there are people who consider cryptocurrency as opposition to the government. That's fine. But how it relates to the current situation and specifically to the "Code is Law"?
Ha yes exactly. "We have transcended the need for rules. Except this one rule. And maybe another rule if you keep being mean. And if you break that rule I'll call my mom on you"
I've never heard law enforcement ever be promoted as a method of resolving crypto issues. One of the talking points about crypto, especially with the tech-libertarians, was that no centralized authority could seize or freeze your funds. Complaining that someone exploited a "code is law" flaw and then running to the police exposes the whole thing.
What fraud? This was a proper and orderly transaction... fraud requires deception. If there's any fraud here, it's on the part of anyone who claimed this wouldn't inevitably happen according to the rules they concocted.
The code isn't the law, consensus is. If the miners disagree with a transaction, they can collectively agree that it never happened. IMO that's the most in-the-spirit-of-cryptocurrency way to handle the problem, for better or worse.
Yeah, they said whoever has the most beans has control. So these guys got a loan to get beans, took control, and left with the money. They didn't even hack it.
They fell for the Proof of Stake / Ayn Rand fallacy which is the assumption that anyone with a lot of money is a good person.
Btw, that's why proof of stake is so complex. They have to do all these complicated hacks to get stakers to be good.
I hear people saying that Ethereum is finally going to make that proof-of-stake transition and not be so energy intensive anymore but I wouldn't be surprised if bad actors have accumulated a knowledge base of vulnerabilities they haven't shared and if within 48 hours to a month there is no more Ethereum.
No. Generally speaking, proof of stake doesn't let someone transfer other people's funds to themselves just through owning a large proportion of whatever cryptocurrency - that's a really bad idea in terms of incentives and also not necessary for it to work - and has time locks in order to try and ensure that funds are actually at stake, which would prevent flash attacks like this one. This was just really badly designed. Letting someone with a mere instantaneous supermajority of money committed decide where to transfer all the invested funds to in a system with flash loans available pretty much guarantees something like this will happen.
No, proof of stake is a means of consensus for transaction validation[0]. This exploit took advantage of a governance token's voting power to distribute funds in a smart contract[1].
Basically somebody borrowed a bunch of crypto, bought controlling “shares” (tokens) in the DAO, and voted the treasury into their own wallet.
I’m curious why controlling levels of the token were on the market, and I have to assume that’s what the creators didn’t account for: the possibility that the people who were supposed to manage this thing would be buyable at a realistic price. I’d also ask why there wasn’t some kind of time delay on important decisions like that? It’s pretty bizarre.
It doesn’t help that smart contracts are just not super easy to build. They’re just easy enough for you to think you can, but when I’ve dug into the actual complexities, it’s been pretty rough. It’s especially hard when each op costs gas, so you’re having to focus on security and efficiency at the same time. I have to imagine it disincentivizes more complex business logic around managing a DAO, like you’d expect for something like this.
> I’m curious why controlling levels of the token were on the market, and I have to assume that’s what the creators didn’t account for: the possibility that the people who were supposed to manage this thing would be buyable at a realistic price.
From the article:
> A still-unidentified attacker had borrowed $80m in cryptocurrency and deposited it in the project’s silo, gaining enough voting rights in exchange to be able to pass any proposal instantly.
I’m not sure but my guess is that they basically had an uncapped token that mints in exchange for deposits, and that’s used for voting. So you didn’t need to buy off existing holders, just deposit more than everyone else put together and mint more tokens than have previously existed.
> However, on Monday the stablecoin’s value had not hit zero and was around $0.12, since some traders were voluntarily buying beans, betting that some rescue package would arrive to rebuild the project’s treasury and restore the peg.
Well, that rescue package better be at least $500 million this time, or the guy's already written the code to do the same thing again, but $182m richer...
This is bizarre and example of how I don't understand the crypto world at all. Shouldn't a stable coin that is manifestly no longer stable be worthless? Is it known whether the hacker managed to translate their coins into something else before the price crashed, or did they also lose most of what they captured?
I think people are betting that it might come back, or get bailed out by some investor. Wormhole, which lost hundreds of millions was bailed out by a VC within a day or 2, so there is definitely a non-zero chance it could happen.
> Question 2. Why do we refer to them still in mainstream discourse as systems that even qualify as cryptocurrencies?
Because a sizeable part of the population that doesn't care about cryptocurrency but cares about climate change has been sold on the idea of it. They were told that PoS can get by without the energy waste of PoW.
$0 recovered, no arrests despite many hacks and billions stolen. goood luck with that. these hackers are likely in Eastern Europe, far from reach of FBI. There is no information to go on.
There must be entire teams going through these smart contracts looking for exploits. Imagine making 10-100mm in a day just with some code. You would have to work for 100-s1000s of years to make that much.
> A still-unidentified attacker had borrowed $80m in cryptocurrency and deposited it in the project’s silo, gaining enough voting rights in exchange to be able to pass any proposal instantly. With that power, they voted to transfer the contents of the treasury to themselves, then returned the voting rights, withdrew their money, and repaid the loan – all in a matter of seconds.
Sounds like when I was a kid and my brother would make up a game with vague rules, but when I'd pay it in a way he didn't expect, he'd say, "no not like that!" and call our mom.
Congrats to whoever found the loophole and made nine figures!
Beanstalk apparently set up what amounts to staking system for votes. More money == more votes. Have enough money? Well, then you have the majority of votes and can do whatever you want.
This is precisely how the system was designed to work. They just didn't foresee someone building up a large enough stake to amass the voting power needed to undermine the system. And that is simply a failure of imagination and goes to show how naive these folks were.
The way this works in the real world is you have a limited number of shares that give individuals some number of votes, and those shares change hands. In order to build up a large enough position to control a company, you have to convince existing owners to give up their stake or vote with you.
But if every dollar contributed to a "silo" creates a new vote, then yeah, you're basically saying: If you're rich enough you can take control of the project by simply amassing a large enough fortune in the project.
There's probably things they could've done to reduce the likelihood of an event like this--e.g. requiring supermajority or unanimous voting for certain types of changes, for example--but they didn't, so here we are. The system worked as intended.
And yes, I really mean "intended". They intended for people with more money to have more of a voice. And this is the (extremely obvious) consequence of that choice.
The thing about a flash attack is that you don't need to be rich to buy that many tokens. You can borrow funds, buy the tokens with borrowed funds, execute your vote, sell the tokens, and then return the funds all in the same transaction.
Absolutely, the mixing of flash loans in all this is a fascinating little "innovation" that made this transaction that much easier. But there's certainly crypto whales out there with enough funds that could've done this if they felt like it. A 2x return on an 80M investment is a pretty darn juicy opportunity for someone with a sufficient lack of scruples. TBH, the more I think about it, the more surprised I am that it took this long for someone to take advantage of this weakness...
A flash loan is a risk free crypto loan. It works by releasing the money only on the condition that it is returned before the end of the block. If it is not returned by the end of a block, the block is invalid and can not be added to the blockchain (provided the majority follows the block chain rules). Any block that is added to the blockchain has an exclusive lock to the entire block chain (no two blocks can "happen" at the same "time") meaning this guarantees atomicity of what happens in a block.
But then how are the funds used? Why is somebody able to transact with funds that they will receive in a block that hasn’t yet been added to the chain?
3. give LOANER_ADDRESS (amount_borrowed + interest)
When 2. is executed, the loanee has the money. When 3. is complete, the loaner has the money back. If the loanee doesn't have the money to give, 3rd step fails. And since its atomic, the whole transaction fails.
It's a loan with a guaranteed atomicity in repaying.
A single atomic transaction does:
1) Borrow $80M
2) Use $80M however you want
3) Return $80M + loan fees (e.g. on Aave this would be 0.09%)
The lender is algorithmically guaranteed to get the money back and the borrower can potentially take advantage of large scale transient opportunities, or...just wreak havoc on a poorly secured system.
And if you're wondering "but why??", if I'm not mistaken, one of the initial use cases for flash loans was in exploiting arbitrage opportunities, which tend to be transient with fairly low returns, which means you need access to large amounts of funds fairly quickly in order to take advantage of them.
They’re used a lot to maintain uniform exchange rates across Defi projects etc. In theory allowing anybody to borrow a lot of tokens to exploit arbitrage opportunities means that the rates will converge simply due to market forces (because if one project offers a better rate than another it will quickly be arbitraged away).
It's a tool for...atomically loaning and repaying large amounts of money. You can use that however you want, most typically for arbitrage to bring markets into equilibrium while earning a profit. The arbitrage isn't fundamentally different from what happens in traditional markets and flash-loan-like primitives are being developed outside of crypto.
(I don't know what the second question means or what your mental model of a "real" currency is)
Structured like that, it honestly sounds like the only thing that "went wrong" is that an unplanned third party end ran their "technically this is completely by the book" rug pull.
The only bit of information I’ve found in support of their credibility is their willful “self-doxxing” in the announcement they made post-attack on their discord. Mind you, the names they gave for themselves could be completely false, they did not follow it up with any more identity proofing, but if the projects’ founders identities are what they say they are (and there is no cofounder/person involved with the project), logic dictates that save for some 4D-chess level scheme, no attacker would identify themselves immediately after the attack.
You're assuming that it wasn't intentionally designed that way.
The regularity of these events should makes it impossible to believe that they're all accidents... it's also not possible to figure out exactly which ones are and which aren't, which is itself no accident. (Or in which cases a third party exploited the vulnerability prematurely...)
Particularly so in that the advertised functionality of the system was obviously a non-sustatinable ponzi scheme... It was always going to explode, the only uncertainty would be how.
The counterbalance is that this is like a game of hot potato. You set up your platform with known flaw, and you wait around trying to hit max locked funds. But the whole time you're nervous someone else is going to spot the issue and take it before you do.
If that happens, and you used some kind of personal credibility to set it up, you've missed your shot.
This is why you have things like quadratic voting to e the votes you have from your net worth - it’s cheap to vote once, it’s cheap to vote for two different things, but it’s very expensive to vote for the same thing repeatedly
There are ways to reduce this issue but yeah you are right. For example, you could require people to be staking X for Y period of time in order to vote. You could have a voting system that picks voters in advance so you can't suddenly generate accounts before the vote you want to abuse is called. You could analyse accounts and not allow 'fake looking' accounts much in the same way you can spot fakes on Twitter. In fact I'm currently building such a tool for NFT collections to try help people avoid ones with dodgy buyer behaviours.
Also as the other user posted, gas fees would cripple you on Ethereum. Pretty sure I spent $50 sending some money somewhere earlier.
Quadratic voting isn't all that different from one-person, one vote, because it assumes it's difficult to create new accounts. Otherwise you could just create a new account for each vote.
So then you need an identity verification system, or at least some practical difficulty in creating many accounts without getting caught.
>There's probably things they could've done to reduce the likelihood of an event like this--e.g. requiring supermajority or unanimous voting for certain types of changes, for example--but they didn't, so here we are. The system worked as intended.
A supermajority was required. The attacker purchased enough LP tokens to secure one. At the moment of the attack they held about 70% of voting power.
Unanimous voting wouldn't have been particularly useful because it would never be used. You can't ever convince every last investor to log in and pay gas to vote on a governance measure.
There was a protection in place, which was that the measure must be up for 24 hours before it can be passed. But the critical flaw was that the contents of a measure can be swapped out by a supermajority token holder, even after the 24 hour cooldown period. The attacker threw up 2 measures, one pointing to a nonexistent contract address, and another dummy measure as a diversion that would have transferred $250,000 to Ukraine and $10,000 to a wallet they owned. The diversion worked, and everyone spent the 24 hour period discussing why someone thought they could hoodwink the LP token holders into swindling $10,000 from them, and more or less ignored the second measure. Then, during the attack, the attacker deterministically created the treasury liquidation contract at the formerly blank address and used the flash loaned supermajority to pass it.
Obviously I don't understand the details of Beanstalk, and you clearly have a lot of expertise, here, so first, thank you for the details!
Second, I am curious:
> There was a protection in place, which was that the measure must be up for 24 hours before it can be passed.
So what happens after that 24 hours? The way you've described it here, it sounds like there's an up/down voting system after the cooldown period to either confirm or block the proposed measure, but it's not clear to me how that works. Who has control over that final decision?
I'm not a technical expert, just someone who lost a couple thousand bucks of expendable high-risk gambling money yesterday and wanted to dive deep to see why.
>So what happens after that 24 hours? The way you've described it here, it sounds like there's an up/down voting system after the cooldown period to either confirm or block the proposed measure, but it's not clear to me how that works. Who has control over that final decision?
Anyone with at least 0.15% (IIRC) of voting power could propose a measure, at which point it would show up on the web app frontend with every LP token holder's vote defaulting to "No". It would have to accrue "Yes" votes from holders of >50% of LP tokens within a certain time period to pass. Alternatively, holders of >2/3rds of LP token could force pass a measure immediately, though this wasn't implemented on the web app frontend. But each of these was subject to a 24 hour period -- no measure that hadn't been proposed at least 24 hours ago could pass, even by supermajority.
> It would have to accrue "Yes" votes from holders of >50% of LP tokens within a certain time period to pass.
And I assume the decoy proposal was just a means to ensure no one realized what was going on and themselves use a flash loan to reduce the attacker's voting power below the 50% level needed to pass the proposal?
Not offhand, but if you want to find the discussions, you can go into the Beanstalk Discord and search "Ukraine" prior to the time of the attack, and you'll see people discussing the rogue measures.
>This is precisely how the system was designed to work. They just didn't foresee someone building up a large enough stake to amass the voting power needed to undermine the system. And that is simply a failure of imagination and goes to show how naive these folks were.
My favorite take on crypto commodity is that “They’re recreating and failing to solve problems that have been solved in traditional banking for hundreds of years”.
Maybe there is some upside where this is just all growing pains, or maybe it’s all garbage all the way through, I don’t know.
But it’s clear to me that technically smart does not mean economically wise.
So how long until the crypto speedrun of financial crises reaches, and then surpasses, the regular financial system and we see financial crises that haven't even happened yet in the regular financial system (but are likely to happen at some point in the future)?
> This is precisely how the system was designed to work. They just didn't foresee someone building up a large enough stake to amass the voting power needed to undermine the system. And that is simply a failure of imagination and goes to show how naive these folks were.
They also didn't do any research on why a mountain of legislature, regulation, and case law that protects minority shareholders exists.
By the time you're playing with nine figure sums, one would expect that to be something they should have looked into!
> They also didn't do any research on why a mountain of legislature, regulation, and case law that protects minority shareholders exists.
Well, no, because the assumption among crypto libertarians is those laws and regulations are a product of a government that's a) incompetent and/or b) corrupt.
If you take it as a first principle that the current system is the one that's broken and that you're part of a grand mission to reinvent it, of course you're not going to waste your time trying to learn from it.
And now people are learning the practical reality of what can happen to their investments when there is no mom and the dad is MIA.
The sad thing: These aren't just anonymous crypto bros on a beach losing their tokens through theft, rugpulls, crashes, or other vulnerabilities. A lot of ordinary people are burning up their savings on these schemes (enabled by platforms like Coinbase and OpenSea and even Venmo) even as they urge other suckers and family members to get in on it.
Point was being roped into bad (gambling-tier) investments. How funny, I somehow wrote Simpsons rather than South Park; There's no such thing as enough sleep in spring weather.
TL;DR: Beanstalk violated several commonly known best-practices and are now suffering the consequences. This kind of economic vulnerability can barely be called an attack - certainly does not clarify as a "hack" and it's several years since the community learned from bzx and similar almost identical incidents what happens when you make irreversible decisions based on on-chain price oracles like Curve (which is jot the fault of Curve - they should just not be used this way!)
Hopefully the FBI recognizes this. If anything, Beanstalk promoters are responsible for irresponsible marketing and shifting blame.
> The lightning hostile takeover raises fresh questions about the unregulated nature of digital currencies and the lack of protections for investors.
No it doesn't. It's quite clear that there weren't any protection mechanisms at all. The kind of investors who put funds into contracts that can have those funds transferred out at the whim of a threshold of governance votes that are tradable on the public market must be aware of these risks - in particular sine it's the umpteenth time that in principle identical scenarios have played out over several years now.
I've been running a SIGECOM chapter at UIUC and the main theme over the past four/five months is people meme-ing about Beanstalk and how its such a shit show. My original concern had to do with the stability lever only working to decrease the value, so it inherently requires a "distinct triangular shape" to keep itself running. I didn't take it seriously enough to do a deeper analysis (mostly because I'd find something like this, but I can't really do anything with it legally) but there's about $10k invested in the ecosystem as LPs/bond-owners within my group of friends.
> Is this just money laundering? Lost money ain't taxed the same.
No. How would that even work? Did all the beanholders conspire together to frame this hack? Even if they did, what they'd end up with is transforming a bunch of clean money into a bunch of dirty money. The point of money laundering is usually to do that thing in the other direction.
What is the point of stealing this money then? Presumably the "thief" thinks they will be able to cash in on it in some way. Can these "losses" be used to avert taxes on the part of the "investor"? If the pain of the laundering is less than the potential tax avoidance then you might have a profitable laundry outfit.
> What is the point of stealing this money then? Presumably the "thief" thinks they will be able to cash in on it in some way.
Yes, exactly, and that is distinctly different from your earlier hypothesis that the whole thing may have been a conspiracy to money launder on behalf of the people who lost money.
> Can these "losses" be used to avert taxes on the part of the "investor"? If the pain of the laundering is less than the potential tax avoidance then you might have a profitable laundry outfit.
Look, if this was a single person who claimed to have lost a bunch of crypto to a hack, then you might plausibly weave this story, but it's not a single person. It's a bunch of random people. This bunch of random people didn't collude together to fake a hack to create tax losses to offset their realized capital gains from somewhere else. And even if they did do that, that wouldn't be called "money laundering", money laundering is something they would have to do later, to hide the origin off their newly-ill-gotten wealth.
Is there any site somewhere that lists the running total of all publicly acknowledged cryptocurrency heists? $650 million here and $182 million there, and at some point you're talking about real money...
I checked the leaderboard and it's missing Mt Gox, one of the few I'd heard of. $460M at the time, and about $29B in today's money if it were still bitcoins.
Thanks very much for this. I had seen this before but I somehow missed the "grift counter" in the lower righthand corner, which is just what I was looking for.
> Others were encouraged to deposit cryptocurrencies such as ether into a “silo” to build up the stablecoin’s reserves in exchange for voting rights over the operation of the organisation.
I’m not sure exactly what their reserves consisted of, but it could be mostly ether and similarly liquid currencies, rather than random ones. It sounds like the thing they stole was their non-random-currencies reserves that were supposed to be able to maintain the peg.
The loan part is really bizarre to me; how does one borrow 80m without the lender knowing who you are, why would a lender lend 80m without knowing the borrower, and if you're anonymous enough to steal the money from Beanstalk then why would you even pay the loan back? There are so many layers of insanity here.
OK, arguably a tiny about of risk from smart contract bugs in the flash loan code (but given the surface area of something like that, and such, it should be VERY small). The is exactly 0 risk from anything else though.
The loan is zero-risk for the lender because it's taken out and repaid within the same transaction (sort of like a database transaction). If the borrower fails to repay, the entire transaction fails/reverts and the money is never lent out.
Now, the borrower doesn't only have to put the borrow and repay calls into that one transaction. They can put anything in between, for example interacting with Beanstalk.
I'm not much for regulation of crypto/DeFi in general, but instant lending like this should absolutely, 100% be illegal. It's exclusively useful for exploits and MEV vampirism, and for nothing else.
You can't cash out flash loans, they need to repaid within the same block. The only legitimate use case seems to be arbitrage/stablecoin stabilization.
Consider that it was intentionally built to function this way. The only insanity then is the belief by whoever is ultimately liable on Beanstalks end that the this setup won't land them in jail. Who knows maybe this is ruled legal and anybody can launder money in any way they want so long as they oh shucks are too dumb to setup proper contracts.
This is possible because of a concept called a flash loan. Using a smart contract, you can borrow (without collateral) and the smart contract would reverse the transaction if the money is not repaid. There is a cost to borrowing, but in this case it obviously made sense. Cryptocurrency arbitrage bots were some of the first implementations of flash loans that I know of.
There's a 'steal all the money' DAO analogue of 'fire the missiles' for decentralized behavior. If someone achieves control, they can do _anything_ the system is authorized to do. Either the system can't fire the missiles, or it has to ensure the 'wrong' people can't achieve control, or that the cost of achieving control exceeds the value of the assets a controlling stake can direct.
Even a reasonable cost incentive may not be sufficient if enough of the controlling stake is available to borrow, or there's enough liquidity to allow someone to buy, exploit, and resell a controlling stake within a single transaction. That aspect is unclear in this scenario. Did the attacker repay the flash loan with stolen funds (netting ~$100m) or were they able to resell (unwind? return?) the controlling stake within the single transaction? If the former, shouldn't there be $80m floating around (former) holders of 'beans' to at least partially recover? If the latter, how was there enough liquidity to buy + resell a controlling stake's worth of tokens?
This is one of the problems with proof-of-stake, although the attack manifests differently and is much slower. Someone can borrow money, and pay higher yield than the normal staking yield, to buy staking power and change the rules to their favor. It's already happening and most people are staking through exchanges, instead of running their own staking nodes. It's a fundamental failure in the PoS incentive structure, and that's why it's inherently more risky than a proof-of-work system.
210 comments
[ 2.7 ms ] story [ 224 ms ] threadAt least they've sped up the normal leveraged buyout and corporate looting from months to mere seconds.
The same thing happened after the financial crash of 2008. Banks demanded to be bailed out because of the systemic risk to the American financial system. But when people started to demand that banks claw back the bonuses paid out, the banks said no. They claimed that would be government overreach.
Ah, the irony....
Not their fault that they read the contract more carefully than the contract writers did.
This was not related to the contract behaving in unexpected ways.
They figured human nature would keep them safe. And that no one who could muster the capital to perform this action would want to, and anyone that would want to wouldn't be able to muster the capital.
Technically, the risk of borrowing that amount of money is high. As is the risk of investing that amount of money into one coin. They figured anyone that would even begin to attempt something like that would operate in good faith. No way they'd tank the coin, because they have so much skin in the game.
Well, that doesn't matter when you can take your skin and go home. Not to mention the skins of everyone else, wearing them Hannibal Lecter style.
* Started with currencies that didn't allow flash loans. * Made a "we feel good about democracy of involvement" rule that supermajority could make any decisions with the funds "because we like people who invest in our work." * They added two currencies that supported flash loans. * Person or persons with currencies used flash loans to gain supermajority to transfer the funds out.
This is why banks are inefficient. There are (in theory) safeguards to transfers make it possible to stop or reverse activities. DeFi is forever going to be dealing with these issues after the fact.
Seems like in this case the outcomes were entirely predicted by the "attacker".
AFAIK but speculating every programming language has primitive recursive arithmetic.
There is no theory that says that there does not exist a program whose behavior can be predicted. We have just criminally underfunded research into formal verification; and somehow decided that even computationally limited, code is law programs handling millions of dollars don't need any type of formal verification
I don't really see how this is different.
Code is not law.
If you're not into the cryptocurrency mess, this reads like regular old hacking. "If code is law and your code allows me to execute arbitrary SQL queries, then this SQL injection is perfectly legal" doesn't hold up in court. The FBI will not let you go because technically you only asked the remote server to execute your request.
It does invalidate the "code is law" concept, but in the real world, code isn't law.
"Manipulating" doesn't seem like the right word here.
This is more like a billionaire buying up a popular social media platform and then once he owns the majority of it, deciding how it should operate.
Looking at the Terms and Conditions as well as the contract, this goes under "A fool and her money". There was no embezzlement at all, this contract literally said people with more money can potentially vote to take all the money. Which is madness, but people agreed to it.
Which is illegal, and will get you sued if you try it.
Code is not law, but this “attack” isn’t abusing the code so much as the basic premise of what the code is designed to do. This is the intended agreement
Here's the challenge, though: it is impossible to definitively say whether the functionality of a program is intended behavior or not. For a classical server that gets "hacked", the code is running on a server that someone owns and access to that server is defined by the owner. Similarly, the maintainer of the code decides whether the behavior of the code was intentional or not.
On a blockchain, there is no single server, the code is being executed on many machines. And you can't trust any individual, the author of the contract got their chance to clearly describe the intention of the code when they wrote it. There is literally no way to determine whether the contract was used as intended, or exploited. You can't go ask the author because they can just lie. The code is all you have.
But that doesn't mean "code is law". Consensus is law. The blockchain can be forked, the transaction reversed, and the contract amended.
> in the real world, code isn't law.
That hardly matters here.
Cryptocurrencies claim to be something else. Something that isn't government by terms of service, laws, etc. How else could you create a worldwide decentralized currency without adopting a rule that code is law.
My main objection is calling it law: if you’re scammed while purchasing illicit substances on a darknet marketplace, you have no legal recourse, but the marketplace’s rules can’t be called “law”, either.
No, it's not.
At best, there is some kind of implied-in-fact legal contract related to to the code in the “smart contract”.
“Code is law” is an aspirational slogan repeated by people who fetishize the former and oppose the latter, usually without understanding it (or either.)
You can have a contract that both parties thinks says one thing, but they each have something different in mind. That's a failure of mutual assent. You can have contracts where the thing which is contracted on becomes impossible. One party can misrepresent the contract, either deliberately or innocently. The contract can be agreed to under duress; or be so uneven in its obligations that is manifestly unconscionable.
To a greater or lesser extent, all these scenarios can give rise to rescission of contracts or their avoidance in courts of law. The idea that code is an unambiguous statement of the contract and therefore definitively legal and perfectly binding is nonsense.
The question isn't, "once we get these people in a room, how do we (as a legislative body) decide who owns what and compel the parties into cooperating?" The question is, "these parties are assumed to retain perfect anonymity, and they operated according to the design of the consensus-based system that we (as miners) agree to; are we ok with the outcome? Should we come to a consensus on an adjustment to the design?"
Smart contracts are unambiguous by definition. What you're describing is PEBKAC at best.
It doesn't matter whether the contract is unambiguously written if you sign it with a gun in your mouth.
There's no way to do this in code. You need a judicial system to make determinations on them based on facts. There is no "adjustment to the design" other than incorporating some kind of arbitrary undoing capability into smart contracts that defers to a legal oracle that consumes decisions of courts and applies them into the chain.
From the little I know of this case it seems likely that this should have been governed under securities law and all participants should have been kyc'd. If that didn't happen then it looks like someone was committing securities fraud.
The only real question is whether the machines think one bullet to the head is most efficient use of resources, one bullet per organ, or an equivalent mass of non-depleted (they don't care about radiation, the biosphere is not their problem) uranium to the target biomass.
In the same way that a serial killer is a “psychopath is law” problem.
The problem with both descriptions is that both use “law” to mean “something that happens and has consequences” rather than, well, law in any more specific sense.
> Smart contracts should be considered self-funded bug-bounty platforms.
[1] https://www.newyorker.com/magazine/2018/08/20/how-bill-browd...
There's a reason why "do what thou wilt shall be the whole of the law" is not the guiding principle for Western society.
So the true spirit of cryptocurrencies is that if there's a flaw in the smart contract, it's okay to exploit it.
In a way, every security measure at a bank is because of a previous attack. Those “undocumented pen testers” did help create the security.
these crypto heists exploit loose rules.
That's the point. It isn't, except in some fantasy world that does not exist.
Let me put it this way: if you don’t think you could tell a judge this without getting laughed at, while you’re wearing an orange jumpsuit and ankle bracelets and chains, it’s probably not real.
I also can't help but wonder whether these sorts of activities would be prohibited conduct under the Computer Fraud and Abuse Act, 18 U.S.C. 1030(a)(4), as the elements seem to be met:
"[Whoever] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value" - where "authorized access" is liberally construed to mean the intent of the author of the mechanism in question.
Code I Laws just means that if code was executed in the way it was intended to work and you don't like it you don't revert your blockchain. You keep blockchain as is, because it's nature of blockchain. But you're free to go to the law enforcement guys, courts, whatever, to enforce government laws if you think they were broken.
Nature is decentralized. But if you car was burglarized, which is perfectly fine under laws of nature and the glass physics, you still call the centralized police.
That's people who lost the money can say. They call it attack, so I guess they have some grounds. And then the court decides who is right.
They fell for the Proof of Stake / Ayn Rand fallacy which is the assumption that anyone with a lot of money is a good person.
Btw, that's why proof of stake is so complex. They have to do all these complicated hacks to get stakers to be good.
[0] - https://www.investopedia.com/terms/p/proof-stake-pos.asp
[1] - https://twitter.com/FrankResearcher/status/15156938958872944...
I’m curious why controlling levels of the token were on the market, and I have to assume that’s what the creators didn’t account for: the possibility that the people who were supposed to manage this thing would be buyable at a realistic price. I’d also ask why there wasn’t some kind of time delay on important decisions like that? It’s pretty bizarre.
It doesn’t help that smart contracts are just not super easy to build. They’re just easy enough for you to think you can, but when I’ve dug into the actual complexities, it’s been pretty rough. It’s especially hard when each op costs gas, so you’re having to focus on security and efficiency at the same time. I have to imagine it disincentivizes more complex business logic around managing a DAO, like you’d expect for something like this.
From the article:
> A still-unidentified attacker had borrowed $80m in cryptocurrency and deposited it in the project’s silo, gaining enough voting rights in exchange to be able to pass any proposal instantly.
I’m not sure but my guess is that they basically had an uncapped token that mints in exchange for deposits, and that’s used for voting. So you didn’t need to buy off existing holders, just deposit more than everyone else put together and mint more tokens than have previously existed.
Well, that rescue package better be at least $500 million this time, or the guy's already written the code to do the same thing again, but $182m richer...
People worth their salt have known proof of stake has been broken for many years.
Question 1. Why do people trust the founders of these scams?
Question 2. Why do we refer to them still in mainstream discourse as systems that even qualify as cryptocurrencies?
Because a sizeable part of the population that doesn't care about cryptocurrency but cares about climate change has been sold on the idea of it. They were told that PoS can get by without the energy waste of PoW.
Marketing for PoS was pretty good.
Q2: Agreed - this does not qualify as "cryptocurrency".
Sounds like when I was a kid and my brother would make up a game with vague rules, but when I'd pay it in a way he didn't expect, he'd say, "no not like that!" and call our mom.
Congrats to whoever found the loophole and made nine figures!
Beanstalk apparently set up what amounts to staking system for votes. More money == more votes. Have enough money? Well, then you have the majority of votes and can do whatever you want.
This is precisely how the system was designed to work. They just didn't foresee someone building up a large enough stake to amass the voting power needed to undermine the system. And that is simply a failure of imagination and goes to show how naive these folks were.
The way this works in the real world is you have a limited number of shares that give individuals some number of votes, and those shares change hands. In order to build up a large enough position to control a company, you have to convince existing owners to give up their stake or vote with you.
But if every dollar contributed to a "silo" creates a new vote, then yeah, you're basically saying: If you're rich enough you can take control of the project by simply amassing a large enough fortune in the project.
There's probably things they could've done to reduce the likelihood of an event like this--e.g. requiring supermajority or unanimous voting for certain types of changes, for example--but they didn't, so here we are. The system worked as intended.
And yes, I really mean "intended". They intended for people with more money to have more of a voice. And this is the (extremely obvious) consequence of that choice.
The only money you would need is the cost of gas.
flash_loan(int amount_borrowed, func arbitrary_trades)
1. give LOANEE_ADDRESS amount_borrowed
2. call arbitrary_trades()
3. give LOANER_ADDRESS (amount_borrowed + interest)
When 2. is executed, the loanee has the money. When 3. is complete, the loaner has the money back. If the loanee doesn't have the money to give, 3rd step fails. And since its atomic, the whole transaction fails.
A single atomic transaction does:
1) Borrow $80M 2) Use $80M however you want 3) Return $80M + loan fees (e.g. on Aave this would be 0.09%)
The lender is algorithmically guaranteed to get the money back and the borrower can potentially take advantage of large scale transient opportunities, or...just wreak havoc on a poorly secured system.
More info here: https://docs.aave.com/developers/guides/flash-loans
(I don't know what the second question means or what your mental model of a "real" currency is)
You're assuming that it wasn't intentionally designed that way.
The regularity of these events should makes it impossible to believe that they're all accidents... it's also not possible to figure out exactly which ones are and which aren't, which is itself no accident. (Or in which cases a third party exploited the vulnerability prematurely...)
Particularly so in that the advertised functionality of the system was obviously a non-sustatinable ponzi scheme... It was always going to explode, the only uncertainty would be how.
If that happens, and you used some kind of personal credibility to set it up, you've missed your shot.
Just a python script to avoid that artificial inefficiency entirely.
Also as the other user posted, gas fees would cripple you on Ethereum. Pretty sure I spent $50 sending some money somewhere earlier.
So then you need an identity verification system, or at least some practical difficulty in creating many accounts without getting caught.
A supermajority was required. The attacker purchased enough LP tokens to secure one. At the moment of the attack they held about 70% of voting power.
Unanimous voting wouldn't have been particularly useful because it would never be used. You can't ever convince every last investor to log in and pay gas to vote on a governance measure.
There was a protection in place, which was that the measure must be up for 24 hours before it can be passed. But the critical flaw was that the contents of a measure can be swapped out by a supermajority token holder, even after the 24 hour cooldown period. The attacker threw up 2 measures, one pointing to a nonexistent contract address, and another dummy measure as a diversion that would have transferred $250,000 to Ukraine and $10,000 to a wallet they owned. The diversion worked, and everyone spent the 24 hour period discussing why someone thought they could hoodwink the LP token holders into swindling $10,000 from them, and more or less ignored the second measure. Then, during the attack, the attacker deterministically created the treasury liquidation contract at the formerly blank address and used the flash loaned supermajority to pass it.
Second, I am curious:
> There was a protection in place, which was that the measure must be up for 24 hours before it can be passed.
So what happens after that 24 hours? The way you've described it here, it sounds like there's an up/down voting system after the cooldown period to either confirm or block the proposed measure, but it's not clear to me how that works. Who has control over that final decision?
>So what happens after that 24 hours? The way you've described it here, it sounds like there's an up/down voting system after the cooldown period to either confirm or block the proposed measure, but it's not clear to me how that works. Who has control over that final decision?
Anyone with at least 0.15% (IIRC) of voting power could propose a measure, at which point it would show up on the web app frontend with every LP token holder's vote defaulting to "No". It would have to accrue "Yes" votes from holders of >50% of LP tokens within a certain time period to pass. Alternatively, holders of >2/3rds of LP token could force pass a measure immediately, though this wasn't implemented on the web app frontend. But each of these was subject to a 24 hour period -- no measure that hadn't been proposed at least 24 hours ago could pass, even by supermajority.
And I assume the decoy proposal was just a means to ensure no one realized what was going on and themselves use a flash loan to reduce the attacker's voting power below the 50% level needed to pass the proposal?
My favorite take on crypto commodity is that “They’re recreating and failing to solve problems that have been solved in traditional banking for hundreds of years”.
Maybe there is some upside where this is just all growing pains, or maybe it’s all garbage all the way through, I don’t know.
But it’s clear to me that technically smart does not mean economically wise.
So how long until the crypto speedrun of financial crises reaches, and then surpasses, the regular financial system and we see financial crises that haven't even happened yet in the regular financial system (but are likely to happen at some point in the future)?
They also didn't do any research on why a mountain of legislature, regulation, and case law that protects minority shareholders exists.
By the time you're playing with nine figure sums, one would expect that to be something they should have looked into!
Well, no, because the assumption among crypto libertarians is those laws and regulations are a product of a government that's a) incompetent and/or b) corrupt.
If you take it as a first principle that the current system is the one that's broken and that you're part of a grand mission to reinvent it, of course you're not going to waste your time trying to learn from it.
What basis would they have for calling this theft?
The sad thing: These aren't just anonymous crypto bros on a beach losing their tokens through theft, rugpulls, crashes, or other vulnerabilities. A lot of ordinary people are burning up their savings on these schemes (enabled by platforms like Coinbase and OpenSea and even Venmo) even as they urge other suckers and family members to get in on it.
https://www.youtube.com/watch?v=-DT7bX-B1Mg
TL;DR: Beanstalk violated several commonly known best-practices and are now suffering the consequences. This kind of economic vulnerability can barely be called an attack - certainly does not clarify as a "hack" and it's several years since the community learned from bzx and similar almost identical incidents what happens when you make irreversible decisions based on on-chain price oracles like Curve (which is jot the fault of Curve - they should just not be used this way!)
Hopefully the FBI recognizes this. If anything, Beanstalk promoters are responsible for irresponsible marketing and shifting blame.
> The lightning hostile takeover raises fresh questions about the unregulated nature of digital currencies and the lack of protections for investors.
No it doesn't. It's quite clear that there weren't any protection mechanisms at all. The kind of investors who put funds into contracts that can have those funds transferred out at the whim of a threshold of governance votes that are tradable on the public market must be aware of these risks - in particular sine it's the umpteenth time that in principle identical scenarios have played out over several years now.
No. How would that even work? Did all the beanholders conspire together to frame this hack? Even if they did, what they'd end up with is transforming a bunch of clean money into a bunch of dirty money. The point of money laundering is usually to do that thing in the other direction.
Yes, exactly, and that is distinctly different from your earlier hypothesis that the whole thing may have been a conspiracy to money launder on behalf of the people who lost money.
> Can these "losses" be used to avert taxes on the part of the "investor"? If the pain of the laundering is less than the potential tax avoidance then you might have a profitable laundry outfit.
Look, if this was a single person who claimed to have lost a bunch of crypto to a hack, then you might plausibly weave this story, but it's not a single person. It's a bunch of random people. This bunch of random people didn't collude together to fake a hack to create tax losses to offset their realized capital gains from somewhere else. And even if they did do that, that wouldn't be called "money laundering", money laundering is something they would have to do later, to hide the origin off their newly-ill-gotten wealth.
The pricing of widely known crypto is pretty dubious as it is. Pricing for off-brand cryptos is more marketing than fact.
> Others were encouraged to deposit cryptocurrencies such as ether into a “silo” to build up the stablecoin’s reserves in exchange for voting rights over the operation of the organisation.
I’m not sure exactly what their reserves consisted of, but it could be mostly ether and similarly liquid currencies, rather than random ones. It sounds like the thing they stole was their non-random-currencies reserves that were supposed to be able to maintain the peg.
Zero risk for the lender.
Now, the borrower doesn't only have to put the borrow and repay calls into that one transaction. They can put anything in between, for example interacting with Beanstalk.
I can get loans on my assets to participate in defi, arbitrage, & and literally cash out my money into a bank account if i so wished. Pretty useful.
https://www.coindesk.com/learn/2021/02/17/what-is-a-flash-lo...
Even a reasonable cost incentive may not be sufficient if enough of the controlling stake is available to borrow, or there's enough liquidity to allow someone to buy, exploit, and resell a controlling stake within a single transaction. That aspect is unclear in this scenario. Did the attacker repay the flash loan with stolen funds (netting ~$100m) or were they able to resell (unwind? return?) the controlling stake within the single transaction? If the former, shouldn't there be $80m floating around (former) holders of 'beans' to at least partially recover? If the latter, how was there enough liquidity to buy + resell a controlling stake's worth of tokens?
[0]: https://medium.com/@omniscia.io/beanstalk-farms-post-mortem-...
[1]: https://web3isgoinggreat.com/?id=beanstalk-farms-stablecoin-...