This article is more than 1 year old

Beanstalk loses $182m in huge flash-loan crypto heist

A lesson learned the very hard way

Beanstalk Farms, a decentralized finance (DeFi) platform, said it lost all of its $180 million collateral over the weekend.

Someone managed to game Beanstalk by investing enough funds to gain control of the system and promptly drained its holdings.

Beanstalk works by letting people buy beans, which are pegged at about $1 each, and earn interest. Crucially, the system was designed so that its participants can vote on changes to the platform, with the strength of their vote determined by how invested they are in the platform.

Over the weekend, someone took out a brief but massive loan to acquire enough voting rights to make the necessary governance changes to siphon off all of Beanstalk's reserves. In response, the price of each Bean plummeted to near zero before recovering to about a dollar, as per its stablecoin design, and the Beanstalk team called on the cryptocurrency world to block the movement of its harvested funds.

"We're engaging all efforts to try to move forward," the Beanstalk folks tweeted on Sunday. "As a decentralized project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter's ability to withdraw funds via centralized exchanges. If the exploiter is open to a discussion, we are as well."

Meanwhile, the miscreant made off with what looked liked at least $80 million in Ethereum and Beans in the heist and laundered it via Tornado Cash, a crypto-coin mixing service, according to blockchain security firm PeckShield. The total loss to the Beanstalk protocol was said to be about $180 million.

We're told the crook used what's called a flash loan to drum up the needed funds to gain sufficient governance rights over Beanstalk: some $1 billion in crypto-coins from the Aave lending protocol were obtained, and used to get enough of Beanstalk's governance tokens to approve a proposed movement of the collateral, before it was all paid back. Flash loans are awarded and paid back in a single blockchain transaction; it can take just seconds to get the money and return it.

"Hackers like to use the flash loan since they don't even have to risk their own capital, and the wallets don't get traced back to them, since they are using someone else's funds," Check Point security researchers noted in March. Last year another DeFi platform, CREAM Finance, lost at least $18 million in cryptocurrency in a flash-loan attack.

In a postmortem examination of the Beanstalk fiasco by Omniscia's smart-contract auditors, they explain how a flaw in Beanstalk's design "compromised the protocol's governance mechanism, ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds." In other words, there wasn't sufficient built-in protection against this kind of snatch-and-run caper.

The crook first put forward a governance proposal requesting donations for Ukraine. As smart-contract auditor BlockSec explained, the proposal contained a malicious smart contract to be executed when the proposal passed, which would transfer the funds from the protocol into the thief's control. The thief waited a day until they could deposit the flash-loaned tokens to gain the necessary voting power to execute the contract, obtained the funds, and repaid the loan.

Beanstalk did not immediately respond to The Register's inquiries. It's feared the project is now dead because without any other financial backing, nor bailout on the horizon, and with all of its collateral gone, it's game over, with Bean holders left out of pocket to the tune of thousands of dollars. ®

More about


Send us news

Other stories you might like