E4 - Beanstalk Flash Loan Governance Attack & Axie Infinity P2E Model Under Fire - 4/21/22

Episode Summary
In this week's episode, we take a deep dive into the fascinating flash loan governance attack delivered on the Beanstalk Farms protocol on Sunday. Then we dig into trending criticism on Axie Infinity's play to earn model.

Intro
Welcome to I, Degen - Each week, we track down and explore the most exciting crypto stories. Hacks, scams, exploits, and anything that feeds our crypto curiosity.

Welcome degens! Come one, come all.

It’s been another epic week. We will go deep on the Beanstalk Farms attack and explore some growing criticism of Axie.

But first, let’s jump into our choice-picked weekly Degen headlines.

Degen Weekly
  1. ETH Merge pushed back from the targeted June to Q3 2022 or later. Surprised?
  2. ETH staking yield post-merge will likely be lower than anticipated - Crypto Slate
  3. DeFi superstar Andre Cronje (CRON-YE) comes back after his 3rd rage quit and starts beating the "crypto needs regulation" drum - The Defiant
  4. Ethan Gach at Kotaku says crypto gaming "landlords" are upset they can't keep exploiting all the players: the diminishing returns of the play to earn game Axie Infinity show that the long-term model of some of the guilds is unsustainable. - Kotaku
  5. New phishing attack that involves Google Ads. TradeDog on Twitter says that over 4.31 million has been exploited in this phishing attack - Tweet
  6. Lazarus Group, a North Korea-based hacker group, has claimed responsibility for the Ronin bridge attack. Last week we heard they might be responsible, but this week it seems they are fully taking ownership of this insane hack - Cryptured
  7. US House Democrats call for scrutiny of crypto mining as an environmental threat: U.S. Rep. Jared Huffman (D-Calif.), who leads a subcommittee within the House of Representatives' Natural Resources Committee, has recruited almost two dozen Democratic colleagues to urge federal environmental officials to devote further scrutiny to the consequences of cryptocurrency mining. - Coindesk


Degen Deep Dive
Beanstalk Farms Flash Loan Governance Attack
TLDR: On April 17th, 2022 an attacker used a barrage of flash loans to purchase a majority of BEAN tokens, the native governance token for Beanstalk Farms. This temporarily borrowed voting power allowed them to successfully pass an emergency governance proposal that drained the protocol of 76M in assets, sent 250K of the stolen money to the Ukraine War Fund, and sent the price of the stablecoin BEAN tumbling.

Who:
Victim: bean.money aka Beanstalk
Beanstalk is a decentralized and transparent solution to DeFi's endemic stablecoin supply shortage. It was designed from first principles to be a paradigm-shifting DeFi primitive that makes decentralized, cost-efficient stablecoins available to anyone with an internet connection. Beanstalk was initially launched in August 2021 with just 100 Beans and has never taken traditional funding. Over the last eight months, Beanstalk organically grew to $100M in market cap, attracting $144M in long term-incentivized liquidity.
To date, flawed stablecoin implementations sacrifice the main benefits of decentralized computing by requiring trust in a centralized party and limit their potential market capitalization by imposing collateral requirements. A stablecoin that (1) does not compromise on decentralization, (2) does not require collateral, and (3) trends toward more liquidity and stability, will unlock the potential of DeFi. We propose an Ethereum-native, credit based stablecoin protocol that issues an ERC-20 Standard token that fulfills these requirements. An on-chain price oracle leverages an existing centralized bridge between the Ethereum blockchain and the rest of the world to create a decentralized, reliable and inexpensive source for the price of a non-Ethereum-native value peg. A Decentralized Autonomous Organization (DAO) governed by a yield generating, inflationary, ERC-20 Standard token simultaneously provides security, encourages consistent liquidity growth, and dampens price volatility.
Attacker:
Anon/unknown

What:
Attack details:
  1. Created two malicious governance proposals, submitted them to the governance contract, and waited 24hrs
  2. Took Aave flash loans (funds sourced from Tornado Cash --> Synapse Protocol Bridge):
    350M DAI
    500M USDC
    150M USDT
  3. Bought 32M BEAN on Uniswap V2
  4. Bought 11.6M LUSD?
  5. These tokens were used to add liquidity to Curve pools with BEAN for the governance voting
  6. Voted for and passed BIP-18 & BIP-19 (the malicious proposals)
  7. Pulled back the liquidity
  8. Repaid the flash loans
  9. Converted all received funds into 24,800 ETH ($76M)
  10. Moved the ETH to Tornado Cash
    – from BEANSTALK - REKT & PeckShield's step by step
Presumably, to avoid suspicion of an inside job, Publius, the anon behind the protocol, decided to reveal their identity as a group of three in a statement published to Discord.
- from rekt

6.5 Governance
A robust decentralized governance mechanism must balance the principles of decentralization with resistance to attempted protocol changes, both malicious and ignorant, and the ability to quickly adapt to changing information. In practice, Beanstalk must balance ensuring sufficient time for all ecosystem participants to consider a Beanstalk Improvement Proposal (BIP), join the Silo and cast their votes, with the ability to be quickly upgraded in cases of emergency.
6.5.2 Voting Period
A Voting Period opens when a BIP is submitted to the Ethereum blockchain and ends at the beginning of the 169th Season after it is submitted, or when it is committed with a supermajority.
Doesn't matter though, as it looks like a supermajority of tokens was used to override the 169th Season (~7 days) waiting period.

5 Seasons
Thus, Beanstalk creates a cost-efficient protocol-native timekeeping mechanism and ensures cost-efficient code execution on the Ethereum blockchain at regular intervals.
Confusing... How about this:
Seasons are the Beanstalk-native timekeeping mechanism. Each Season is ~1 hour long.
What’s odd:
  • Variations in reports about how much was hacked, from 76M to 182M. 76M was stolen, but the BEAN token market cap after the attack accounts for the rest of the 182M
  • Proposals were submitted 24hrs in advance: did no one notice, or did no one care? - "meh, they won't pass so who cares?"
  • I don't see the malicious governance proposals on Snapshot?
  • We talked a lot about how to avoid a governance attack like this when we deployed GTC. A flash loan attack was not in our threat model because the liquidity didn't exist initially.
Why is this important:
  • First flash loan governance attack?
  • How many DAOs are currently vulnerable to this type of attack? Seems likely we're going to see this type of attack again very soon.
  • Keep an eye out for suspect governance proposals. You could make bank if you spotted one of these attacks in progress and acted accordingly.
  • Beanstalk looks to have done a great job of communicating with their community about this hack.
  • A delay between a proposal passing and executing on-chain is one way to prevent this
  • 250k in stolen funds sent to the Ukraine donation address. Should they send it back to BEAN?
  • I, Degen optimism - Each new/novel DeFi attack is an opportunity to learn and build back stronger.
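An added, simplified model (our own illustration, not Beanstalk's contracts) of the weakness behind the attack steps above and of the execution-delay mitigation in the last list: if votes are weighed by live token balances and a supermajority can commit and execute in the same block, a flash loan taken and repaid inside one transaction is enough. The same model shows two fixes: weighing votes at a block before the proposal was submitted, and delaying execution past the block in which it passed, so a loan that must be repaid in the same transaction cannot be used. All balances, block numbers and the 2/3 threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 2 / 3  # assumed threshold; the whitepaper only says "supermajority"


@dataclass
class Proposal:
    submitted_block: int
    votes: dict = field(default_factory=dict)  # voter -> weight counted for the BIP
    committed_block: int = -1                  # -1 = not yet committed


@dataclass
class Governance:
    balances: dict                 # live token balances, moved by trades and flash loans
    snapshots: dict                # block number -> copy of balances at that block
    snapshot_voting: bool = False  # weigh votes at submitted_block - 1 instead of live
    execution_delay: int = 0       # blocks that must pass between commit and execute

    def _source(self, p: Proposal) -> dict:
        """Balances that count for this proposal: a pre-submission snapshot or live."""
        if self.snapshot_voting:
            return self.snapshots.get(p.submitted_block - 1, {})
        return self.balances

    def vote(self, voter: str, p: Proposal) -> None:
        p.votes[voter] = self._source(p).get(voter, 0)

    def commit(self, p: Proposal, block: int) -> bool:
        """Commit the BIP early if counted votes exceed a supermajority of supply."""
        total = sum(self._source(p).values()) or 1
        if sum(p.votes.values()) / total <= SUPERMAJORITY:
            return False
        p.committed_block = block
        return True

    def execute(self, p: Proposal, block: int) -> bool:
        return p.committed_block >= 0 and block >= p.committed_block + self.execution_delay


def flash_loan_attack(snapshot_voting: bool, execution_delay: int) -> bool:
    """True if one flash-loan transaction can both pass and execute the proposal."""
    start = {"honest": 99, "attacker": 1, "pool": 200}   # constructed, 300 tokens total
    gov = Governance(dict(start), {99: dict(start)}, snapshot_voting, execution_delay)
    p = Proposal(submitted_block=100)   # submitted well before the attack block
    # Block 200, one transaction: borrow, buy the pool's tokens, vote, commit, execute, repay
    gov.balances["attacker"] += 200
    gov.balances["pool"] -= 200
    gov.vote("attacker", p)
    passed = gov.commit(p, block=200)
    executed = passed and gov.execute(p, block=200)
    gov.balances["attacker"] -= 200   # tokens sold back and loan repaid before the block ends
    gov.balances["pool"] += 200
    return executed
```

With live-balance voting and no delay the attacker's 201 of 300 tokens clear the threshold; either a pre-submission snapshot or a one-block execution delay alone is enough to make the same transaction fail.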
Freestyle Convo: Axie Play to Earn or Play to be Exploited?
Hit piece or legit criticism? Both? - Kotaku

Outro

We do our best to report accurately on the topics we discuss but we’re not always going to get everything right. Please comment here or reach out to us @idegenfm with corrections or comments!

https://hackmd.io/@idegen/E4-Beanstalk-FlashLoan-Governance-Attack-Axie-Infinity-Under-Fire