Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 089 · Flash Loan Attack

Beanstalk Governance Flash Loan

A $1B flash loan bought 67% of Beanstalk governance in one block, long enough to pass a proposal that drained the treasury. Attacker netted $76M of $182M lost.

Date
Chain(s)
Status
Funds Stolen

On April 17, 2022, an attacker drained $182 million from the Beanstalk Farms stablecoin protocol after using a $1 billion flash loan to temporarily acquire a majority of the protocol's governance and pass a malicious proposal — all in a single transaction.

What happened

Beanstalk was an algorithmic stablecoin protocol where the governance token, Stalk, was earned by depositing assets into the protocol. Critically, voting power on governance proposals was calculated from current Stalk holdings at the time of the vote, with no time-weighting or flash-loan resistance.

The attacker submitted a proposal one day earlier — innocuous on its surface — that scheduled a transfer of the protocol's reserves to an attacker-controlled address. Under Beanstalk's rules, the proposal needed a two-thirds supermajority to pass immediately.

The next day, in a single transaction, the attacker:

  1. Took flash loans of approximately $1B in DAI, USDC and USDT from Aave.
  2. Deposited the borrowed stablecoins into Beanstalk, instantly earning enough Stalk to control over 67% of governance.
  3. Voted yes on their pre-positioned malicious proposal — passing the supermajority threshold.
  4. Executed the proposal, transferring $182M of treasury assets to themselves.
  5. Repaid the flash loans, netting ~$76M in profit after slippage and gas.

Aftermath

  • The Beanstalk team paused the protocol immediately.
  • The attacker swapped Beanstalk's stolen BEAN tokens for ETH and sent the funds to Tornado Cash, with the curious detour of sending $250,000 to the Ukraine Crypto Donation wallet.
  • Beanstalk was relaunched months later with the same product but redesigned governance: minimum holding periods before votes count, time-weighted Stalk, and emergency multi-sig veto.
  • The original $182M was never recovered.

Why it matters

Beanstalk crystallised the rule that on-chain governance is only as secure as the cost of acquiring its decision-making power. Any system in which voting power can be obtained instantaneously — by flash loan, lending market, or any other form of borrowing — and exercised within the same transaction is vulnerable. Modern governance designs require token lockups, vote delays, or conviction voting specifically to defeat this pattern.
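To make the defensive point concrete, the following is an added toy simulation (not Beanstalk's code, and the holder names, amounts and the 50-block holding period are constructed assumptions). It replays the shape of the incident under three voting-power rules: the naive "current balance" rule the page describes, a snapshot taken at proposal creation, and a minimum holding period. Only the naive rule lets a same-block deposit clear the two-thirds threshold.

```python
"""Toy governance model: why same-block voting power is flash-loan vulnerable.

Added illustration, not Beanstalk's contract code. All figures are constructed.
"""
from dataclasses import dataclass, field
from fractions import Fraction

SUPERMAJORITY = Fraction(2, 3)   # immediate-pass threshold, as in the incident
MIN_HOLD_BLOCKS = 50             # assumed holding period for the third rule


@dataclass
class Deposit:
    amount: int   # governance units (constructed, not real Stalk figures)
    block: int    # block in which the deposit landed


@dataclass
class Governance:
    deposits: dict = field(default_factory=dict)   # holder -> [Deposit]
    snapshots: dict = field(default_factory=dict)  # proposal id -> block

    def deposit(self, holder: str, amount: int, block: int) -> None:
        self.deposits.setdefault(holder, []).append(Deposit(amount, block))

    def propose(self, pid: str, block: int) -> None:
        # Record the block the proposal was filed in; the snapshot rule keys off it.
        self.snapshots[pid] = block

    # Rule 1 (naive): whatever you hold at vote time counts, same-block deposits included.
    def power_naive(self, holder: str, pid: str, block: int) -> int:
        return sum(d.amount for d in self.deposits.get(holder, []) if d.block <= block)

    # Rule 2 (snapshot): only deposits that existed strictly before the proposal block count,
    # so capital acquired after the proposal appears cannot vote on it.
    def power_snapshot(self, holder: str, pid: str, block: int) -> int:
        cutoff = self.snapshots[pid]
        return sum(d.amount for d in self.deposits.get(holder, []) if d.block < cutoff)

    # Rule 3 (holding period): a deposit must age MIN_HOLD_BLOCKS before it may vote.
    # A flash loan lives for one transaction, so borrowed capital can never mature.
    def power_held(self, holder: str, pid: str, block: int) -> int:
        return sum(d.amount for d in self.deposits.get(holder, [])
                   if d.block + MIN_HOLD_BLOCKS <= block)

    def share(self, rule, holder: str, pid: str, block: int) -> Fraction:
        total = sum(rule(h, pid, block) for h in self.deposits)
        return Fraction(rule(holder, pid, block), total) if total else Fraction(0)


def flash_loan_scenario(rule_name: str):
    """Replay the attack shape under one rule. Returns (attacker_share, passes)."""
    g = Governance()
    for holder in ("alice", "bob", "carol"):   # long-standing depositors (constructed)
        g.deposit(holder, 40_000, block=10)
    g.propose("drain", block=100)               # proposal filed a day ahead of the vote
    g.deposit("attacker", 300_000, block=101)   # borrowed capital, same block as the vote
    rule = getattr(g, f"power_{rule_name}")
    s = g.share(rule, "attacker", "drain", block=101)
    return s, s >= SUPERMAJORITY


if __name__ == "__main__":
    for name in ("naive", "snapshot", "held"):
        share, passes = flash_loan_scenario(name)
        print(f"{name:9s} attacker share={float(share):.3f} passes={passes}")
```

Under the naive rule the attacker's 300,000 units against 120,000 honest units is a 5/7 share, above two-thirds; under the snapshot and holding-period rules the same deposit carries no weight at all. Real implementations combine the snapshot with a checkpointed balance history so that power is looked up at a past block rather than recomputed from current balances.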

Sources & on-chain evidence

  1. bleepingcomputer.com — https://www.bleepingcomputer.com/news/security/beanstalk-defi-platform-loses-182-million-in-flash-loan-attack/
  2. coindesk.com — https://www.coindesk.com/tech/2022/04/17/attacker-drains-182m-from-beanstalk-stablecoin-protocol
  3. theregister.com — https://www.theregister.com/2022/04/18/beanstalk_loses_182m_flash_loan/
