
Beanstalk cryptocurrency heist: scammer votes himself all the money
2022-04-19 18:00

A new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void.

Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a "smart contract" system that allows you to trade automatically with other users of the system in a way to suit yourself.

3a. Borrow close to $100m in cryptocurrency from elsewhere in order to achieve the supermajority necessary to outvote everyone else.

3b. Approve the "Emergency transaction" using the suddenly-acquired supermajority powers, transferring everything from Beanstalk to scammer.

Beanstalk's cryptocurrency token BEAN prided itself on being what's known as a stablecoin, meaning that the system varied the way it rewarded buying into and cashing out of the service in order to maintain a real-world value of about $1, thus avoiding the inherent fluctuations that effectively turned Bitcoin from a trading currency into an investment service.

Beanstalk has tried the approach that seemed to work for De-Fi outfit Poly Networks last year, when a hacker made off with hundreds of millions due to a smart contract exploit: grovel politely, and ask for the money back.

In the wake of yesterday's attack, Beanstalk Farms makes the following offer to the Exploiter: If you will return 90% of the withdrawn funds to the Beanstalk deployment wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you.


News URL

https://nakedsecurity.sophos.com/2022/04/19/beanstalk-cryptocurrency-heist-scammer-votes-himself-all-the-money/