
Beanstalk Farms

Aliases: 2 aliases
Primary URL: bean[.]money
Location: Country
Industry: Financial Services

Profile

Beanstalk Farms operates a decentralized finance protocol centered on a stablecoin designed to maintain a peg to the US dollar. The platform's governance is conducted through a native token, enabling holders to vote on proposals that manage protocol parameters and asset custody. In April 2022, this governance framework was critically compromised in a flash loan attack. The exploiter borrowed nearly $1 billion via the Aave lending protocol, swiftly converted it into Beanstalk governance tokens to secure a supermajority voting stake, and approved a malicious proposal that transferred approximately $182 million in assets from the protocol's liquidity pools. This action directly resulted in the theft of about $80 million after the flash loan was repaid, while the remainder depleted the protocol's reserves. The stablecoin immediately depegged, collapsing from its $1 target to a range between 11 and 14 cents, which catastrophically eroded user and market trust in the project's stability.

The incident exposed a fundamental vulnerability in decentralized autonomous organization governance where voting power can be momentarily concentrated through large, uncollateralized loans. Following the attack, the perpetrator laundered the stolen cryptocurrency through the privacy mixer Tornado Cash, obscuring the fund trail and hindering recovery; a portion of the assets was also donated to Ukrainian humanitarian efforts. Reports noted that Beanstalk Farms functioned without substantial venture capital backing, a structural factor that left users with minimal recourse or expectation of compensation for their losses. The exploit demonstrated how flash loans could be weaponized to bypass typical economic constraints and manipulate governance outcomes within seconds, a risk specific to DeFi systems that combine token-based voting with open lending markets. This event became a significant case study in the systemic dangers of governance token concentration and the need for more resilient, time-locked, or quorum-based decision-making mechanisms in decentralized protocols.

Incidents
1 incident