Written by – @rossboothr
*I was not invested in Beanstalk when the exploit occurred, nor am I now.
DeFi exploits have been hitting with an unpleasantly regular cadence. This one has shaken the community in a big way and been the focus of countless conversations. The cause of the hack can be digested with little complexity. I believe this has fueled its popularity.
For those unaware, the attacker of the BEAN exploit was able to run away with $76 million in profit through a flash loan used to execute a malicious governance proposal. Flash loans enable users to take out a loan and repay it within the same transaction.
For this to be possible – the loan, activity, and repayment are written into a smart contract that can be deployed in a single transaction. If the end code specifying the loan repayment fails, then the transaction doesn’t execute at all. No risk to the person(s) behind the screen.
In this case, the attacker took a flash loan for around a billion dollars and used that to strategically gain 70% of governance voting power on Beanstalk. This was done by converting Curve LP tokens to “Seeds”. You can read the full breakdown here:
Another "crypto hack made simple" thread for ya. @BeanstalkFarms, a DeFi protocol, was just exploited for about $75m worth of Ether (~25k ETH). Here's how the heist went down.
— smartcontracts 🔴✨ (@kelvinfichter) April 17, 2022
In essence, the attacker was able to exploit Beanstalk’s governance rules through the billion dollars obtained from their flash loan. With this power, they proposed a Beanstalk Improvement Proposal (BIP) to transfer all assets out of the BEAN contract, totaling $180 million.
After removing liquidity + repaying flash loans + converting to WETH, the attacker made off with $76 million.
This one hurt the space. It impacted thousands financially and put the rest of us on high alert. Every exploit comes with lessons to internalize for future situations. Rarely do you find a winner who doesn’t know what it’s like to lose. Here’s my biggest takeaway from the situation, as an outsider.
Diversify, Diversify, & Diversify
You’ve heard it before, likely 100+ times. But the takeaway here will come from a different angle.
As we delve further into the crypto rabbit hole, our investment strategies evolve in complexity. But early on, our crypto portfolio may look something like this:
• 50% BTC/ETH/Alt-L1s
• 45% Alt-coins tradeable on a CEX
• 5% stables with no intention to hold
We follow high-level narratives, give little thought to portfolio diversification, and hope for a shit-coin pump to the moon.
With time, we move off of CEXs, build conviction around a few major plays, realize BTC/ETH should be a majority of our portfolio, and adopt a few more stablecoins into the mix.
Cue yield farming, staking, LP participation, and all the other degen activities.
We also develop a level of sophistication in our outlook. We live through rug-pulls and smart contract exploits. We see first-hand the need for a measured and diversified approach to investing.
But does this translate to our stablecoin holdings?
Maybe not so much.
Stablecoins exist in several forms:
• Dollar-backed (USDT, USDC)
• Over-collateralized with decentralized assets (DAI)
• Algorithmically pegged (UST, FRAX)
• Credit-based stability (BEAN)
In reality, there is some overlap between the categories, but this remains an appropriate categorization nonetheless.
As our portfolio grows, I believe it is imperative to diversify even our stablecoin exposure. There are risks associated with each and diversification is a proven hedge to these risks.
The BEAN exploit taught us this in a big way. Those who were overexposed to the Beanstalk ecosystem remain devastated.
Whether stables are 5%, 20%, or 50% of your overall portfolio, they can be similarly diversified. First, decide what percentage of your stables you’d like dedicated to each type.
This could be 50% dollar-backed, 25% over-collateralized, & 25% algorithmic. That’s up to you. I’d then choose 1-3 stablecoins within each type, and diversify evenly amongst them.
Putting it all together with some yield strategies:
• 50% dollar-backed
• 25% USDT (3pool on Convex for 1.9% APR)
• 25% USDC (3pool on Convex for 1.9% APR)
• 25% over-collateralized
• 25% DAI (3pool on Convex for 1.9% APR)
• 25% algorithmic
• 12.5% UST (Anchor for 19.3% APR)
• 12.5% FRAX (FRAX pool on Convex for 7% APR)
Altogether, this stablecoin approach would be earning nearly 5% APR. There is opportunity to increase this significantly if you’re comfortable staking on lesser-known protocols and blockchains.
I’d recommend a diversification approach with three major factors in mind:
• Your long-term conviction around a stable
• The yield you can receive on that stable
• The risks associated with that stable
If you have 10+ stablecoins that check each of these boxes, and the time to manage them all – go for it. This approach would have protected many BEAN investors from such significant losses.
The core message here is that all non-custodial, permissionless investments pose a new set of risks. Risks that can’t be remediated by a bank, brokerage, or centralized institution.
With decentralized opportunity comes great responsibility – and part of this responsibility is hedging your risk through portfolio diversification.
Stablecoin diversification is an overlooked but important part of that, and the BEAN exploit showed us why.
Thanks for reading! If you want more DeFi investment strategies, follow me on Twitter @rossboothr