Beanstalk Farms Loses $182M Following Exploit

  • A flash loan allowed the attacker to obtain enough Beanstalk governance tokens to pass two proposals, enabling him to drain the protocol’s funds.
  • The attacker was able to steal 24,830 ETH and 36 million BEAN tokens, which were then laundered through Tornado Cash.
Ethereum-based stablecoin protocol Beanstalk Farms has lost its $182 million total value locked (TVL) following a flash loan attack on Sunday, the company said in a post mortem on 17 April.

According to blockchain security firm PeckShield, the attacker walked away with around $80 million in various crypto assets, and the BEAN stablecoin lost its $1 peg as a result. Although the attacker's own haul was around 24,830 ETH and 36 million BEAN, the total loss for the protocol is estimated at around $182 million.

While hacks and exploits are nothing new in the DeFi world, this time the attacker turned the protocol's governance against it. According to the post mortem, the attacker used a flash loan to accumulate a large amount of Stalk, Beanstalk's native governance token, and used that voting power to pass his own governance proposals (BIP-18 and BIP-19). The proposals were framed as a donation to Ukraine, but the code they executed sent the protocol's funds to the attacker's wallet instead.
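The governance pattern that makes this class of attack possible, as an added illustration written for this page in Solidity (not Beanstalk's own code): a commit path that reads voting power from the caller's live balance, beside a hardened version that measures power at a snapshot block fixed when the proposal is created, requires a voting period, and delays execution behind a timelock. The `IVotes` interface mirrors the ERC20Votes checkpoint functions (`getVotes`, `getPastVotes`, `getPastTotalSupply`); the `VOTING_PERIOD` and `TIMELOCK` constants are assumed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not Beanstalk's code. IVotes mirrors the ERC20Votes
// checkpoint interface so past balances can be read per block.
interface IVotes {
    function getVotes(address account) external view returns (uint256);
    function totalSupply() external view returns (uint256);
    function getPastVotes(address account, uint256 blockNumber) external view returns (uint256);
    function getPastTotalSupply(uint256 blockNumber) external view returns (uint256);
}

struct Proposal {
    address target;
    bytes data;        // call to run if the proposal passes
    uint256 snapshot;  // block at which voting power is measured
    uint256 forVotes;
    bool executed;
    mapping(address => bool) voted;
}

// Vulnerable pattern: the supermajority check reads the caller's balance
// at the moment of the commit. A balance that exists only inside one
// transaction (a flash loan) is enough to satisfy it.
contract LiveBalanceGovernance {
    IVotes public immutable votes;
    uint256 public count;
    mapping(uint256 => Proposal) internal proposals;

    constructor(IVotes v) { votes = v; }

    function propose(address target, bytes calldata data) external returns (uint256 id) {
        id = count++;
        Proposal storage p = proposals[id];
        p.target = target;
        p.data = data;
    }

    // BUG: getVotes() is the live balance, so nothing stops
    // borrow -> deposit -> emergencyCommit -> withdraw -> repay in one tx.
    function emergencyCommit(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "done");
        uint256 weight = votes.getVotes(msg.sender);
        require(weight * 3 >= votes.totalSupply() * 2, "no 2/3 supermajority");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "call failed");
    }
}

// Hardened pattern: power is read at a snapshot block fixed at proposal
// time, votes are collected over a voting period, and execution waits for
// a timelock. A flash-loaned balance never exists at the snapshot block.
contract SnapshotGovernance {
    IVotes public immutable votes;
    uint256 public constant VOTING_PERIOD = 7200; // assumed, roughly one day of blocks
    uint256 public constant TIMELOCK = 7200;      // assumed, roughly one day of blocks
    uint256 public count;
    mapping(uint256 => Proposal) internal proposals;
    mapping(uint256 => uint256) public passedAt;

    constructor(IVotes v) { votes = v; }

    function propose(address target, bytes calldata data) external returns (uint256 id) {
        id = count++;
        Proposal storage p = proposals[id];
        p.target = target;
        p.data = data;
        p.snapshot = block.number; // voting power is fixed here, before any vote
    }

    function castVote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number > p.snapshot && block.number <= p.snapshot + VOTING_PERIOD, "voting closed");
        require(!p.voted[msg.sender], "already voted");
        p.voted[msg.sender] = true;
        p.forVotes += votes.getPastVotes(msg.sender, p.snapshot); // historical, not live
    }

    function queue(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number > p.snapshot + VOTING_PERIOD, "voting still open");
        require(p.forVotes * 3 >= votes.getPastTotalSupply(p.snapshot) * 2, "no 2/3 supermajority");
        passedAt[id] = block.number;
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(passedAt[id] != 0 && block.number >= passedAt[id] + TIMELOCK, "timelock active");
        require(!p.executed, "done");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "call failed");
    }
}
```

A flash loan is repaid inside the same transaction, so `getVotes()` at commit time can be inflated at will, whereas `getPastVotes()` at a block before the transaction cannot; an attacker would have to actually own a supermajority of the token. The timelock is the second line of defence: even if a hostile proposal passes, holders get a window to withdraw before it executes.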

The attacker, however, did send 250,000 USDC to the Ukraine Crypto Donation wallet. He also laundered all of the stolen funds through Tornado Cash, which allows users to obfuscate crypto transactions.

In its post mortem, Beanstalk explained that its smart contracts had been audited by blockchain security firm Omnicia, but that the audit was completed before the code containing the flash loan vulnerability was introduced. The team behind the project has reached out to the Federal Bureau of Investigation, stating it will “fully cooperate with them”, and has also asked the wider DeFi community to help limit the attacker's ability to cash out through centralized exchanges (CEXs).
