Business Logic Flaw · $11M loss

bEarn Business Logic Flaw postmortem (May 2021) — $11M drained

In May 2021, bEarn was exploited through a business logic flaw, resulting in approximately $11M in losses. That makes the bEarn exploit the 28th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the bEarn Business Logic Flaw Played Out

Exploit Class Applied to bEarn

The bEarn incident on May 16, 2021 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, bEarn is 1 of 144 documented business logic flaw incidents.

bEarn in Context

At $11M, the bEarn exploit is a major ($10M–$100M) event. The largest same-class incident in our archive is EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before bEarn

The nearest business logic flaw incident before bEarn was Spartan, 14 days earlier on May 2, 2021 ($30.5M lost). The same exploit class surfaced again within the business logic flaw attack surface.

bEarn Vulnerability Signature

The primary source categorises the bEarn exploit specifically as “Logic Flaw”. This narrower label is entity-specific: it reflects how the bEarn contract failed, rather than the broad business logic flaw pattern alone.

Impact & Recovery for bEarn

bEarn Loss Figure

The bEarn exploit caused $11,000,000 in losses — a major ($10M–$100M) incident and the 5th largest of 37 documented in 2021. This single incident represents 5.2% of all tracked losses that year.

Where bEarn Sits Among Business Logic Flaw Attacks

Ranked by loss size, bEarn is the 8th largest of 144 business logic flaw incidents documented. That puts the bEarn loss above the class average of $6.08M.

Timeline Since the bEarn Incident

The bEarn exploit occurred 4.9 years ago (1,794 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for bEarn

Public post-mortem / on-chain analysis for the bEarn incident: view source.

FAQ

How much did bEarn lose?

The bEarn exploit in May 2021 resulted in $11,000,000 in losses — the 5th largest of 37 DeFi incidents that year.

When did the bEarn hack happen?

The bEarn exploit was recorded on May 16, 2021 — 1,794 days ago.

What type of exploit hit bEarn?

The bEarn incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at bEarn?

Our archive contains 144 documented business logic flaw incidents. The bEarn incident is one of them.

How does bEarn compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is EulerFinance (2023) at $200M. The bEarn loss is $11M.
