Credit-based stablecoin protocol Beanstalk Farms, which lost $76 million due to a security vulnerability on April 18, promised a 10% reward to attackers if they returned the money.
The offer was posted on the company’s Twitter account and sent to the attacker the next day via an on-chain message. Cyber attackers were offered to send 90 percent of the stolen money to Beanstalk Farms’ multi-signature wallet.
In return, cyber-attackers will be allowed to keep the remaining 10 percent as a reward for finding bugs.
$76 million of which $182 million was originally thought to have been stolen security vulnerabilityis not considered a hack because the smart contracts and management procedures used to perform the transaction work in accordance with the design.
If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you.
— Beanstalk Farms (@BeanstalkFarms) April 18, 2022
Beanstalk’s founders, Benjamin Weintraub, Brendan Sanderson, and Michael Montoya, admitted on a podcast they attended Monday, that design flaws led to this situation. In the announcement made on Tuesday, it was stated that the security vulnerability was a previously unknown error in Beanstalk’s management process.
Protocol governance has also been temporarily shut down and will remain closed until Beanstalk prepares a strategy for a future restart.