Beanstalk Farms offers plea deal to perpetrators of $76M exploit

cointelegraph.com:

Beanstalk Farms, a credit-based stablecoin protocol exploited for around $76 million in crypto on April 18, has offered a bounty of 10% if the attackers return the funds. 

The offer was posted on the company’s Twitter and sent to the attackers via an on-chain message the following day. It proposed that the exploiters return 90 percent of the stolen funds to the Beanstalk Farms' multi-sig wallet.

In return, the exploiters will be allowed to keep the remaining 10 percent as a whitehat bounty — a deal offered by platforms to reward individuals for reporting security exploits and vulnerabilities.

As reported by Cointelegraph, the $76 million exploit, which was initially thought to be around $182 million, was not considered a hack as the smart contracts and governance procedures used to carry out the transfer had functioned as designed. 

If you will return 90% of the withdrawn funds to the Beanstalk Farms multi-sig wallet 0x21DE18B6A8f78eDe6D16C50A167f6B222DC08DF7, Beanstalk will treat the remaining 10% as a Whitehat bounty properly payable to you.

During a podcast on Monday, Beanstalk founders, including Benjamin Weintraub, Brendan Sanderson and Michael Montoya, admitted that flaws in its design “ultimately led to its undoing.” A statement on Tuesday affirmed that a previously-unknown issue with Beanstalk’s governance process was the mechanism used for the exploit.

Related: Beanstalk Farms loses $182M in DeFi governance exploit

The Tuesday statement also added that it temporarily shut off protocol governance and paused Beanstalk while it prepared a strategy to re-launch with a path forward.

Spokesperson Weintraub returned to the podcast on Tuesday, discussing a path forward for the company, which includes some sort of