Beanstalk Farms Loses $182M Following Exploit

  • A flash loan allowed the attacker to obtain enough Beanstalk governance tokens to pass two proposals, enabling him to drain the protocol’s funds.
  • The malicious entity was able to steal 24,830 ETH and 36 million BEAN tokens, which were then laundered through TornadoCash.
beanstalk farms


Ethereum-based stablecoin protocol Beanstalk Farms has lost its $182 million total value locked (TVL) following a flash loan attack on Sunday, the company said in a post mortem on 17 April.

According to blockchain security firm PeckShield, the attacker was able to get away with around $80 million in various crypto assets, which caused the BEAN stablecoin to collapse from its $1 peg. Even though the attacker obtained around 24,830 ETH and 36 million BEAN, the total loss for the project is around $182 million. PeckShield tweeted:

While hacks and exploits are nothing new in the DeFi world, this time the malicious entity used the protocol’s governance against it. According to the summary, the attacker used a flash loan to accumulate a large amount of Beanstalk’s native governance token STALK, which he then used to pass his own governance proposals (BIP-18 and BIP-19). These proposals asked the protocol to donate funds to Ukraine, but instead sent the funds to the attackers wallet.

The attacker, however, did send 250,000 USDC to the Ukraine Crypto Donation wallet. He also laundered all of the stolen funds through Tornado Cash, which allows users to obfuscate crypto transactions.

In its post mortem, Beanstalk explained that its smart contracts have gone through a security audit from blockchain security firm Omnicia, however that was completed prior to introducing the flash loan vulnerability the attacker used. The team behind the project has reached out to the Federal Bureau of Investigation, stating it will “fully cooperate with them”, and has also asked the wider DeFi community to help it limit the attackers ability to withdraw funds through centralized exchanges (CEXs).

Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM


Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.