Beanstalk Farms · April 19th, 2022

Beanstalk Governance Exploit

Beanstalk was attacked on April 17, resulting in a theft of ~$77M in non-Beanstalk user assets.

Beanstalk, a decentralized credit based stablecoin protocol, was attacked at roughly 12:24pm UTC on April 17, resulting in a theft of ~$77M in non-Beanstalk user assets. The perpetrator used a flash loan to exploit the protocol’s governance mechanism and send the funds to a wallet they controlled. Beanstalk Farms, the decentralized development team working on Beanstalk, is preparing a strategy to safely re-launch a more secure Beanstalk with a path forward.

Yesterday morning, the Beanstalk contract on the Ethereum mainnet was exploited via a previously-unknown issue with Beanstalk’s governance process. The Beanstalk Farms team was immediately alerted and took action to temporarily shut off protocol governance and pause Beanstalk. Approximately $77M was stolen from the protocol’s liquidity pools. The team has since burned the remaining Beans in the exploiter contract.

Since the attack, the Beanstalk community has demonstrated incredible support for the project and provided numerous thoughtful ideas for a suitable path forward. The Beanstalk Farms team has taken these ideas into consideration and developed a proposal with four primary goals in mind: securing the enduring success of Beanstalk's economic model; attracting sufficient capital to restart Beanstalk; preserving as much of each Farmers' Stalk, Seed and Pod positions as possible, and; aligning new capital with previous Stalk and Pod holders.

About Beanstalk

Beanstalk is a decentralized protocol that allows anyone to realize the value of an open, credit based stablecoin. The Beanstalk community of lenders, borrowers and savers secures a protocol-native stablecoin, Bean, with the goal of creating the world’s most accessible digital money system. By eliminating collateral requirements, Beanstalk aims to be the catalyst for a trustless solution to unlock the universal potential of decentralized finance.