Verify a decision

{"actor":"system:backfill","investigation_id":"c8c9fc2c-9ea4-4bf1-8606-ce0fb1afb4ae","kind":"publish","page_slug":"bearnfi","published_at":"2026-05-21T18:45:40.610Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BearnFi","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://peckshield.medium.com/bearn-fi-incident-inconsistent-asset-denomination-between-vault-strategy-9b24b68ab1c0","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/defi-protocol-bearn-suffers-11m-flash-loan-attack/","type":"other","url":""},{"credibility":3,"name":"https://bearndao.medium.com/bvaults-busd-alpaca-strategy-exploit-post-mortem-and-bearn-s-compensation-plan-b0b38c3b5540","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/bearn-rekt/","type":"other","url":""},{"credibility":3,"name":"https://github.com/OriginProtocol/security/blob/master/incidents/2021-05-16-BearnFi.md","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/bearn-rekt/","type":"other","url":""},{"credibility":3,"name":"https://peckshield.medium.com/bearn-fi-incident-inconsistent-asset-denomination-between-vault-strategy-9b24b68ab1c0","type":"other","url":""},{"credibility":3,"name":"https://www.bsc.news/post/bearn-jan-2021-review","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/the-bearn-exploit-a-18-million-lesson-in-defi-smart-contract-vulnerabilities","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://bearndao.medium.com/bvaults-busd-alpaca-strategy-exploit-post-mortem-and-bearn-s-compensation-plan-b0b38c3b5540","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/defi-platform-bearn-fi-promises-105-compensation-after-10-million-hack-but-is-it-the-right-thing/","type":"other","url":""},{"credibility":3,"name":"https://www.bsc.news/post/victims-of-latest-defi-bearn-fi-exploit-receives-assurance-of-complete-compensation","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://bearndao.medium.com/official-ama-with-the-bearn-fi-team-8d814d09d60d","type":"other","url":""},{"credibility":3,"name":"https://bearndao.medium.com/bearn-fi-introduction-9e65f6395dfc","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coinlore.com/coin/bearn-fi","type":"other","url":""},{"credibility":3,"name":"https://coinpaprika.com/coin/bfi-bearnfi/","type":"other","url":""},{"credibility":3,"name":"https://stack.money/asset/bearn-fi","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/OriginProtocol/security/blob/master/incidents/2021-05-16-BearnFi.md","type":"other","url":""},{"credibility":3,"name":"https://protos.com/bsc-binance-smart-chainflash-loan-attacks-crypto-may/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/the-10-biggest-defi-hacks-of-2021-a-recap","type":"other","url":""},{"credibility":3,"name":"https://www.chainsec.io/defi-hacks","type":"other","url":""}]}],"sources_used":[],"summary":"bEarn.fi (BearnFi) is a Binance Smart Chain-based cross-chain yield farming and algorithmic stablecoin protocol that launched in late 2020. On May 16, 2021, an attacker exploited a smart contract denomination mismatch to drain approximately $10.85 million in BUSD from the protocol's bVaults via a flash loan attack. The project subsequently became inactive, with its native BFI token recording no price data after mid-2023 and a market capitalization of effectively zero. The entity has been flagged by ZachXBT.","timeline":[{"date":"2020-11-01","event":"bEarn.fi protocol launches on Binance Smart Chain, offering cross-chain yield farming, algorithmic stablecoin, and related DeFi products.","source":""},{"date":"2021-01-01","event":"bEarn.fi January review published; CertiK audit of the bDollar smart contract reported as in progress but not yet completed.","source":""},{"date":"2021-05-16","event":"Flash loan exploit occurs at 10:36:20 AM UTC. Attacker borrows 7.8M BUSD from Cream Finance and executes 26-30 deposit/withdrawal cycles against the bVaults BUSD Alpaca strategy, draining approximately $10.85 million in BUSD.","source":""},{"date":"2021-05-16","event":"bEarn team freezes all bVaults, contacts Binance to flag attacker address 0x47f341d896b08daacb344d9021f955247e50d089, and engages CertiK and PeckShield.","source":""},{"date":"2021-05-17","event":"bEarn team publishes post-mortem and announces 105% compensation plan for affected users: 87.5% BUSD + 7.5% BDOv2 immediately, 10% BDEX vested over 80 weeks.","source":""},{"date":"2021-05-17","event":"PeckShield publishes technical analysis confirming root cause as inconsistent asset denomination (BUSD vs ibBUSD) between BvaultsBank and BvaultsStrategy contracts.","source":""},{"date":"2021-05-17","event":"Yearn Finance developer Banteg criticizes bEarn's immediate compensation promise, warning it creates a distorted perception of risk for DeFi users.","source":""},{"date":"2023-08-10","event":"Last recorded price data for BFI token per market data aggregators. Protocol activity effectively ceases with market capitalization falling to zero.","source":""}]},"v":1}