The Beanstalk cryptocurrency has been stripped of reserves valued at more than $180m (£138m) in seconds, after an attacker used borrowed money to snap up enough voting rights to transfer the money away.
The lightning hostile takeover raises fresh questions about the unregulated nature of digital currencies and the lack of protections for investors.
Describing itself as a “decentralised credit based stablecoin protocol”, Beanstalk offers a cryptocurrency, called beans, intended to have a stable value of $1 a coin. It effectively operated as a bank, letting savers (“bean farmers”) make deposits (of “beans” into a “field”), and using their savings to ensure that the value of a single bean stayed as close to $1 as possible.
Others were encouraged to deposit cryptocurrencies such as ether into a “silo” to build up the stablecoin’s reserves in exchange for voting rights over the operation of the organisation. On Sunday night, one such vote resulted in Beanstalk’s entire silo, worth around $182m at market rates, being transferred out of the organisation.
A still-unidentified attacker had borrowed $80m in cryptocurrency and deposited it in the project’s silo, gaining enough voting rights in exchange to be able to pass any proposal instantly. With that power, they voted to transfer the contents of the treasury to themselves, then returned the voting rights, withdrew their money, and repaid the loan – all in a matter of seconds.
“It’s very like a hostile corporate raid funded by junk bonds – except it was over in 10 seconds,” said David Gerard, the author of Attack of the 50 Foot Blockchain. “In regulated markets, we have laws and regulations on how you can take over a company and drain it, but it’s not clear that this action was
Read more on theguardian.com