Share this article
Attacker Drains $182M From Beanstalk Stablecoin Protocol
The flash-loan attack becomes the second nine-figure DeFi exploit in a month.
By Sam Kessler
Updated Apr 9, 2024, 11:14 p.m. Published Apr 17, 2022, 6:30 p.m.
Make us preferred on Google
Beanstalk Farms, an Ethereum-based stablecoin protocol, was exploited for $182 million Sunday.
The attack was flagged on Twitter by blockchain security firm PeckShield, which said the attacker made away with at least $80 million in crypto, although the losses suffered by the protocol were much larger.
STORY CONTINUES BELOW
The market for Beanstalk’s BEAN stablecoin collapsed as a result of the attack. At press time, the token was down 86% from its $1 peg, according to CoinGecko.
1/ The @BeanstalkFarms was exploited in a flurry of txs (https://t.co/PMsdP5dnJG and https://t.co/wyHe3ARZgU),
— PeckShield Inc. (@peckshield) April 17, 2022
leading to the gain of $80+M for the hacker (The protocol loss may be larger), including 24,830 ETH and 36M BEAN.
When reached for comment, Beanstalk pointed CoinDesk to a post in its Discord server summarizing how the attack occurred.
According to the summary, the attacker took out a flash loan on lending platform Aave, which was used to amass a large amount of Beanstalk’s native governance token, stalk. With the voting power granted by these stalk tokens, the attacker was able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.
According to PeckShield, the attacker laundered all stolen funds through Tornado Cash, which enables users to send and receive crypto while obfuscating its source.
Project leads wrote in the attack summary:
“Beanstalk did not use a flash loan resistant measure to determine the % of Stalk that had voted in favor of the [governance proposal]. This was the fault that allowed the hacker to exploit Beanstalk.”
Beanstalk’s smart contracts were audited by the blockchain security firm Omnicia. However, the audit was completed before the introduction of the flash loan vulnerability, the firm said in a Sunday post-mortem.
Beanstalk declined to provide details to CoinDesk regarding whether funds would be reimbursed to users, saying more news will be coming in a town hall event scheduled for Sunday.
The attacker appeared to donate $250,000 of the stolen funds to a Ukrainian relief wallet, according to PeckShield.
This is the latest in a string of major decentralized finance (DeFi) exploits to occur in the past few weeks. In March, Axie Infinity’s Ronin Blockchain was exploited for $625 million in an attack that U.S. officials have linked to North Korea.
UPDATE (April 18, 14:19 UTC): Added information about Tornado Cash.
More For You
Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.
What to know:
Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.
The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.
More For You
MegaETH mainnet to go live Feb. 9 in major test of ‘real-time’ Ethereum scaling
This follows its October 2025 $450 million token sale that was heavily oversubscribed.
What to know:
- MegaETH, the much-watched high-performance Ethereum layer-2 network, announced that its public mainnet will go live Feb. 9, marking a major milestone for a project that has gained a lot of attention in the scaling landscape.
- MegaETH positions itself as a “real-time” blockchain for Ethereum, designed to deliver ultra-low latency and massive transaction throughput.
Top Stories
