Beanstalk Governance Attack

On April 17, 2022, an attacker exploited Beanstalk Farms' governance mechanism using a Flash Loan to borrow over $1 billion, gain supermajority voting power, and drain approximately $182 million from the protocol in a single transaction. The attack demonstrated that on-chain governance without execution delays is fundamentally broken when voting power can be acquired instantaneously.


Summary

  • Attacker flash-loaned $1B+ from Aave, Uniswap, and SushiSwap to gain 79% voting power
  • Exploited emergencyCommit() function allowing same-block proposal execution
  • $182M total value lost; attacker netted ~$76M in profit (24,830 ETH)
  • Attack vector: governance tokens (Stalk) could be acquired via flash loan with no cooldown
  • Funds laundered through Tornado Cash in 270 transactions; $250K donated to Ukraine
  • Beanstalk relaunched 4 months later via "Barn Raise" recapitalization

The Trigger

Beanstalk's governance design contained a critical flaw: the emergencyCommit() function allowed proposals to execute immediately upon reaching 67% approval, with no delay between voting and execution. Combined with the fact that voting power (Stalk tokens) could be acquired by depositing assets into the Silo—including assets obtained via flash loan—the protocol was vulnerable to a single-transaction takeover.

The attacker identified this vulnerability and constructed a two-phase attack:

  1. April 16: Submit malicious proposals (BIP-18 and BIP-19) with a 24-hour waiting period
  2. April 17: Flash-loan enough assets to achieve supermajority, vote, and execute in one transaction

Timeline of Events

Figure 1: Beanstalk attack timeline (all times UTC).

timeline
    section April 16, 2022
        Unknown : Attacker funds wallet via Synapse Bridge from Tornado Cash
        Unknown : BIP-18 and BIP-19 submitted to governance
    section April 17, 2022
        12.24 UTC : Single transaction executes entire attack (flash loan, vote, drain, repay)
        Afternoon : Beanstalk team pauses protocol and burns remaining BEAN in attacker contract
        Evening : 24,930 ETH laundered via Tornado Cash in 270 transactions
        Evening : 250K USDC sent to Ukraine donation wallet
    section April 18, 2022
        Evening : Discord Town Hall where Publius founders doxx themselves and FBI contacted

Impact by the Numbers

METRIC                     VALUE
Total value drained        ~$182 million
Attacker profit            ~$76.2 million (24,830 ETH)
Flash loan principal       $1.04 billion
Voting power acquired      79% (67% threshold)
Attack duration            1 transaction (~13 seconds)
BEAN price (pre-attack)    ~$1.00 (stablecoin peg)
BEAN price (post-attack)   ~$0.00
Time to protocol relaunch  4 months

Key Mechanics

The Governance Vulnerability

Beanstalk used a Stalk-based governance system where depositing assets into the "Silo" granted voting power. The critical flaws:

  1. No flash loan protection: Stalk could be minted by depositing LP tokens acquired via flash loan
  2. No voting lockup: Tokens deposited in the same block could immediately vote
  3. Instant execution: emergencyCommit() executed proposals the moment they reached 67% approval
  4. No time delay: Unlike most governance systems, there was no delay between approval and execution

Figure 2: Normal governance vs. flash loan exploit.

flowchart LR
    subgraph "Normal Governance"
        N1[Acquire tokens over time] --> N2[Deposit to Silo]
        N2 --> N3[Wait for proposal]
        N3 --> N4[Vote]
        N4 --> N5[Wait for execution delay]
        N5 --> N6[Proposal executes]
    end

    subgraph "Flash Loan Attack"
        A1[Flash loan $1B] --> A2[Deposit to Silo]
        A2 --> A3[Gain 79% voting power]
        A3 --> A4[Call emergencyCommit]
        A4 --> A5[Proposal executes instantly]
        A5 --> A6[Drain funds, repay loan]
    end

    style N1 fill:#90EE90
    style N2 fill:#90EE90
    style N3 fill:#90EE90
    style N4 fill:#90EE90
    style N5 fill:#90EE90
    style N6 fill:#90EE90
    style A1 fill:#FF6B6B
    style A2 fill:#FF6B6B
    style A3 fill:#FF6B6B
    style A4 fill:#FF6B6B
    style A5 fill:#FF6B6B
    style A6 fill:#FF6B6B

The Attack Transaction

The entire exploit occurred in a single transaction 0xcd314668...dc5d33ad7 (tx).

Step 1: Flash Loan Acquisition

SOURCE     AMOUNT       ASSET
Aave       350,000,000  DAI
Aave       500,000,000  USDC
Aave       150,000,000  USDT
Uniswap    32,100,950   BEAN
SushiSwap  11,643,065   LUSD
Total      ~$1.04B

Step 2: Convert to Voting Power

The attacker converted flash-loaned stablecoins into LP tokens that could be deposited into the Silo:

  1. Deposited 1B stablecoins (DAI/USDC/USDT) into Curve 3pool → received 979M 3CRV
  2. Swapped 15M 3CRV for 15.25M LUSD
  3. Converted remaining 3CRV to 795.4M BEAN3CRV-f LP tokens
  4. Converted LUSD + BEAN to 58.9M BEANLUSD-f LP tokens
  5. Deposited all LP tokens into Beanstalk Silo → received Stalk (voting power)

Step 3: Execute Malicious Proposal

With 79% voting power (above the 67% threshold), the attacker called emergencyCommit() on BIP-18, which contained code to:

  1. Transfer all Silo assets to the attacker's contract
  2. Send $250K USDC to the Ukraine donation wallet (likely for optics)

Step 4: Extract and Repay

The attacker withdrew the stolen assets, converted them to ETH, repaid all flash loans, and retained the profit.
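
A defender's view of the four steps above, as an added example that is not part of the original page: the event records are constructed for illustration (they are not Beanstalk logs), the field layout is an assumption, and the rules flag the three patterns that only a same-block takeover produces: a vote weighed by capital deposited in the same transaction, a vote and the proposal's execution in one transaction, and a deposit that is withdrawn in full before the transaction ends.

```python
from collections import defaultdict

# Constructed sample governance events (NOT real Beanstalk logs). Assumed layout:
# (block, tx_hash, event, account, proposal_id, amount)
EVENTS = [
    (100,  "0xa1", "Deposit",  "0xhonest1",  None, 600),
    (100,  "0xa2", "Deposit",  "0xhonest2",  None, 400),
    (150,  "0xb1", "Propose",  "0xattacker", 18,   None),
    (150,  "0xb2", "Propose",  "0xattacker", 19,   None),
    (7350, "0xc1", "Deposit",  "0xattacker", None, 4000),  # capital that arrived this tx
    (7350, "0xc1", "Vote",     "0xattacker", 18,   4000),
    (7350, "0xc1", "Commit",   None,         18,   None),  # executed in the same tx
    (7350, "0xc1", "Withdraw", "0xattacker", None, 4000),  # and gone again before it ends
    (7400, "0xd1", "Vote",     "0xhonest1",  19,   600),   # an ordinary vote, for contrast
]


def flag_flash_governance(events):
    """Group events by transaction and return (rule, tx_hash, account, proposal_id)
    findings for every pattern characteristic of a single-transaction takeover."""
    by_tx = defaultdict(list)
    for ev in events:
        by_tx[ev[1]].append(ev)

    findings = []
    for tx, evs in by_tx.items():
        deposited = {e[3]: e[5] for e in evs if e[2] == "Deposit"}
        withdrawn = {e[3]: e[5] for e in evs if e[2] == "Withdraw"}
        committed = {e[4] for e in evs if e[2] == "Commit"}
        for _, _, kind, who, pid, _ in evs:
            if kind != "Vote":
                continue
            if who in deposited:          # voting power acquired in the same tx
                findings.append(("vote weighed by same-tx deposit", tx, who, pid))
            if pid in committed:          # zero delay between approval and execution
                findings.append(("vote and execution in one tx", tx, who, pid))
        for who, amount in deposited.items():
            if withdrawn.get(who) == amount:   # deposit fully round-tripped in the tx
                findings.append(("deposit round-tripped within tx", tx, who, None))
    return findings


if __name__ == "__main__":
    for finding in flag_flash_governance(EVENTS):
        print(finding)
```

Run against the sample, only transaction 0xc1 is flagged, on all three rules; the honest deposit in 0xa1 and the later vote in 0xd1 produce nothing. On a real chain the same grouping works per transaction hash over decoded contract events, and a monitoring rule that alerts on any of the three patterns would have fired on the block described above.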

The Malicious Proposals

PROPOSAL  STATED PURPOSE             ACTUAL FUNCTION
BIP-18    Initially blank            Contained InitBip18, the drain function
BIP-19    "Donate $250K to Ukraine"  Decoy with verified code to appear legitimate

BIP-19 served as a distraction. Its verified source code showed a legitimate Ukraine donation, which any on-chain observer could inspect. BIP-18's malicious payload was obscured.


Key Actors

The Attacker

  • Wallet: 0x1c5dCdd006EA78a7E4783f9e6021C32935a10fb4 (etherscan)
  • Attack Contract: 0x79224bC0bf70EC34F0ef56ed8251619499a59dEf (etherscan)
  • Attack Transaction: 0xcd314668...dc5d33ad7 (tx)
  • Identity: Unknown (funds originated from and returned to Tornado Cash)

Publius (Beanstalk Founders)

One day after the attack, the pseudonymous founders "Publius" revealed their identities during a Discord town hall:

  • Benjamin Weintraub
  • Brendan Sanderson
  • Michael Montoya

All three attended the University of Chicago together. They doxxed themselves to dispel suspicions of involvement in the attack.

Omniscia (Auditor)

Omniscia had audited Beanstalk's smart contracts, but the audit was completed before the vulnerable LP tokens (BEAN3CRV-f and BEANLUSD-f) were added. The flash loan vulnerability was introduced after the audit.


Root Causes

ROOT CAUSE                       DESCRIPTION
☒ No flash loan protection       Voting tokens could be acquired via flash loan
☒ Instant execution              emergencyCommit() had zero delay between approval and execution
☒ No voting lockup               Deposited assets could vote immediately
☒ Post-audit changes             Vulnerable LP tokens added after security audit
☒ Concentrated governance power  Single transaction could achieve supermajority

The fundamental issue: being able to vote on and execute a proposal in the same transaction makes any governance system vulnerable to flash loan attacks.


Aftermath

Immediate Response

  • Protocol paused; governance disabled
  • Remaining BEAN in attacker contract burned by Beanstalk team
  • FBI contacted; founders fully cooperated
  • Team offered 10% bounty ($7.6M) for return of 90% of funds—no response

The Barn Raise

Beanstalk launched a recapitalization effort called "The Barn Raise" on June 6, 2022:

  • Goal: Raise $77M to restore stolen non-BEAN liquidity
  • Mechanism: Sell 77M "Fertilizer" tokens at 1 USDC each
  • Interest rate ("Humidity"): Up to 500% for early participants
  • Result: Raised $17M+ by August 2022

The Replant

On August 6, 2022 (BIP-21), Beanstalk relaunched with critical changes:

  • ☑ Removed on-chain governance entirely
  • ☑ Replaced with community-run 9-of-9 Multisig
  • ☑ Engaged Halborn and Trail of Bits for ongoing audits
  • ☑ Launched Immunefi bug bounty program
  • ☑ Implemented "Unripe" tokens for pre-exploit holders

Long-term Impact

The Beanstalk attack became a case study in governance security. It directly influenced:

  • Industry-wide adoption of time-locked governance execution
  • Flash loan resistance mechanisms in voting systems
  • TWAP-based voting power calculations
  • Mandatory delays between proposal approval and execution

Lessons

For Protocol Developers

  • ☒ Governance proposals must have execution delays (minimum 24-48 hours recommended)
  • ☒ Voting power must be snapshot-based or time-locked, not instantaneous
  • ☒ Flash loan resistance is mandatory for any token-weighted voting
  • ☒ Security audits must be repeated when new assets or mechanics are added
  • ☑ Consider off-chain voting with on-chain execution (Snapshot + multisig)
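
The following Python model is an added example, not Beanstalk's code: the governance rules, account names, amounts and the 7,200-blocks-per-day figure are assumptions constructed for illustration. It serves both the flaws listed under Key Mechanics and the first three recommendations above. With snapshot=False and delay_blocks=0 it reproduces the vulnerable design (live balances vote and the commit executes at once); snapshot=True weighs each vote by the balance held in the block before the proposal was created, so capital that only exists inside one block counts for nothing; delay_blocks adds a timelock between approval and execution.

```python
from dataclasses import dataclass

BPS = 10_000
THRESHOLD_BPS = 6_700      # 67% supermajority, the threshold given in the article
BLOCKS_PER_DAY = 7_200     # assumption: roughly 12-second blocks


@dataclass
class Proposal:
    created_block: int
    for_votes: int = 0
    approved_block: "int | None" = None
    executed: bool = False


class Governance:
    """Toy Stalk-style governance: deposited balance is voting power.
    snapshot=False, delay_blocks=0 is the vulnerable design (live balances vote
    and emergency_commit() runs as soon as the threshold is met). snapshot=True
    weighs a vote by the balance held in the block BEFORE the proposal was
    created, so capital that exists for one block only (a flash loan) counts for
    nothing; delay_blocks > 0 is a timelock between approval and execution."""

    def __init__(self, snapshot: bool, delay_blocks: int) -> None:
        self.snapshot, self.delay_blocks, self.block = snapshot, delay_blocks, 1
        self.balances: dict[str, int] = {}
        # checkpoints: (block, balance after the change), appended in block order
        self.checkpoints: dict[str, list] = {}
        self.total_checkpoints: list = [(0, 0)]

    def mine(self, n: int = 1) -> None:
        self.block += n

    @staticmethod
    def _value_at(points: list, block: int) -> int:
        """Balance recorded by the last checkpoint at or before `block`."""
        seen = [v for b, v in points if b <= block]
        return seen[-1] if seen else 0

    def _move(self, who: str, delta: int) -> None:
        new = self.balances.get(who, 0) + delta
        if new < 0:
            raise ValueError("withdraw exceeds deposit")
        self.balances[who] = new
        self.checkpoints.setdefault(who, []).append((self.block, new))
        self.total_checkpoints.append((self.block, sum(self.balances.values())))

    def deposit(self, who: str, amount: int) -> None:
        self._move(who, amount)

    def withdraw(self, who: str, amount: int) -> None:
        self._move(who, -amount)

    def _ref_block(self, p: Proposal) -> int:
        # snapshot: the block before the proposal; otherwise the current block (live)
        return p.created_block - 1 if self.snapshot else self.block

    def voting_power(self, who: str, p: Proposal) -> int:
        return self._value_at(self.checkpoints.get(who, []), self._ref_block(p))

    def total_power(self, p: Proposal) -> int:
        return self._value_at(self.total_checkpoints, self._ref_block(p))

    def propose(self) -> Proposal:
        return Proposal(created_block=self.block)

    def vote(self, who: str, p: Proposal) -> None:
        p.for_votes += self.voting_power(who, p)
        total = self.total_power(p)
        if p.approved_block is None and total and p.for_votes * BPS >= THRESHOLD_BPS * total:
            p.approved_block = self.block        # approval is recorded here

    def emergency_commit(self, p: Proposal) -> bool:
        """Execute if approved and any timelock has elapsed; False otherwise."""
        if p.approved_block is None or p.executed:
            return False
        if self.block < p.approved_block + self.delay_blocks:
            return False
        p.executed = True
        return True


def simulate_flash_loan_takeover(gov: Governance) -> bool:
    """Constructed two-phase scenario mirroring the article: honest depositors
    hold 1,000 units; day 1 a proposal is submitted; day 2, inside ONE block,
    4,000 borrowed units are deposited, voted, committed, withdrawn, repaid."""
    gov.deposit("alice", 600)
    gov.deposit("bob", 400)
    gov.mine(10)
    p = gov.propose()                   # day 1: proposal submitted
    gov.mine(BLOCKS_PER_DAY)            # the 24-hour proposal wait
    loan = 4_000                        # flash-loaned: 4,000 / 5,000 = 80% of live power
    gov.deposit("attacker", loan)
    gov.vote("attacker", p)
    executed = gov.emergency_commit(p)
    gov.withdraw("attacker", loan)      # repaid before the block closes
    return executed
```

Run the scenario three times: with the vulnerable settings the proposal executes; with the snapshot rule the borrowed deposit carries zero weight and the proposal is never approved; with a timelock alone the proposal is still marked approved but cannot execute in the attacker's block. That last outcome is the caveat behind the first recommendation: a delay by itself only buys the community time to react (withdraw, pause, or cancel), so it belongs together with snapshot or lockup-based voting power, and neither control stops a holder who keeps capital deposited across blocks, which is the capture-with-enough-capital risk noted under "For Users".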

For Users

  • △ Governance token value can go to zero in a single transaction
  • △ Audited protocols can still have unaudited vulnerabilities
  • △ "Decentralized" governance can be captured with enough capital

For the Industry

The attack proved that on-chain governance without time delays is fundamentally unsafe. Any system where voting power can be borrowed, used, and returned in one block is exploitable.


Changelog

DATE        AUTHOR      NOTES
2026-01-08  Artificial  Generated by robots.
2026-01-08  Denizen     Reviewed, edited, and curated by humans.