Beanstalk Farms governance attack
The Ethereum stablecoin protocol Beanstalk lost about $182M in April 2022 when an attacker used a flash loan to borrow enough governance tokens to pass a malicious proposal that drained the protocol's funds in a single transaction.
Also known as: Beanstalk, Beanstalk Farms, BEAN
Summary
Beanstalk was an Ethereum-based credit and algorithmic-stablecoin protocol governed by holders of its STALK token. In April 2022 an attacker took out a large flash loan, used the borrowed assets to acquire a supermajority of governance power, and pushed through a malicious proposal that transferred the protocol's reserves to themselves — netting about $182 million — all within one transaction, before repaying the loan. [1][2]
Aftermath
Security firms described it as a "governance attack" exploiting Beanstalk's instant on-chain voting. The exploit drained the protocol's liquidity and collapsed its BEAN stablecoin's peg; the project later relaunched. [1][2]
Bracketed numbers refer to the numbered sources listed below.
Linked scams & cases
- Euler Finance hackRelatedProjectsThe Ethereum lending protocol Euler Finance lost about $197M in a March 2023 flash-loan attack exploiting a flawed 'donate' function. After weeks of on-chain negotiation, the attacker returned essentially all of the recoverable funds.
- Harvest FinanceRelatedProjectsA yield-farming protocol exploited on October 26, 2020 in a flash-loan attack that manipulated Curve pool prices to drain its USDC and USDT vaults. Estimates ranged from ~$24M to ~$33.8M; the attacker returned about $2.5M.
- Platypus Finance
People & entities involved
Sources (2)
See also
- Loci (LOCIcoin)TokensA 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT)Tokens
This page was last updated on Jun 8, 2026. View revision history.