Beanstalk - REKT Post-Mortem
Overview
On April 18, 2022, Beanstalk suffered a governance attack resulting in $181 million in losses, ranking #5 on the REKT leaderboard. The attacker secured approximately $76 million in profits, with the remainder attributed to slippage and conversions.
What Happened
A malicious governance proposal was executed through flash loan manipulation, allowing the attacker to temporarily acquire sufficient voting power to approve and execute an emergency proposal that drained the protocol's assets.
Technical Root Cause
The protocol had two critical weaknesses:
1. Vote weight with no snapshot or lockup: voting power was whatever a voter had deposited at the moment of the vote, so capital flash-loaned, deposited, voted and withdrawn within a single transaction counted in full. The only time constraint was that a BIP had to be about one day old before it could be emergency-committed, which the attacker satisfied simply by submitting the proposals a day in advance
2. No execution delay: once a day-old BIP reached the two-thirds supermajority required by emergencyCommit, it could be executed in the same transaction as the vote, so the funds were gone before anyone could react
As noted: "A malicious governance proposal was pushed through by a flash loan, and the attacker then voted to transfer all the assets to themself."
Attack Vector & Exploit Steps
Preparation Phase (Day 1):
• Attacker submitted two governance proposals (BIP-18 and BIP-19)
• BIP-18 designed to steal all protocol funds
• BIP-19 crafted to donate $250K BEAN to Ukraine (likely misdirection)
Execution Phase (Day 2):
The attacker executed transaction 0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7 with the following steps:
1. Flash loan acquisition from Aave:
• 350,000,000 DAI
• 500,000,000 USDC
• 150,000,000 USDT
2. Additional borrowed assets:
• 32,425,202 BEAN from Uniswap v2
• 11,643,065 LUSD from SushiSwap
3. Liquidity provision to Curve pools for governance voting rights:
• Deposited stables into 3Crv pool
• Converted to BEAN3CRV-f and BEANLUSD-f tokens
• Deposited LP tokens into Diamond contract
4. Voting and execution:
• Called Diamond.vote(bip=18)
• Executed Diamond.emergencyCommit(bip=18)
• The attacker's init contract ran inside the commit, transferring the protocol's funds to the attacker contract
5. Asset liquidation and fund recovery:
• Removed liquidity from BEAN3CRV-f and BEANLUSD-f pools
• Repaid all flash loans
• Converted remaining assets to 24,830 WETH ($76M equivalent)
• Transferred proceeds to Tornado Cash
• Donated ~$250K to Ukraine Crypto Donation fund
Financial Impact
• Total Damage: $181 million
• Attacker Profit: $76 million (converted to WETH)
• Recovered/Donated: ~$250K to Ukraine
• Laundering: the ~24,800 ETH in proceeds were sent to Tornado Cash
Key Addresses
| Entity | Address |
|---|---|
| Attacker EOA | 0x1c5dcdd006ea78a7e4783f9e6021c32935a10fb4 |
| Attacker Contract | 0x79224bc0bf70ec34f0ef56ed8251619499a59def |
| Malicious BIP-18 | 0xe5ecf73603d98a0128f05ed30506ac7a663dbb69 |
| Proposal TX | 0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f |
Response & Remediation
Identity Disclosure: Protocol founder Publius (pseudonymous) revealed themselves as a group of three individuals to counter insider-job speculation.
Audit Findings: Omniscia, which had audited Beanstalk, stated that the attack "fell outside the scope of their audit"; the article's position is that a governance contract review should still have flagged it, since flash loans were already "a known threat to DeFi governance".
Fund Recovery: the article reports no recovery of funds.
Lessons & Prevention
The article emphasizes that "a delay on execution of on-chain governance proposals is one way to prevent this." The vulnerability highlights how flash loans combined with inadequate governance safeguards create catastrophic attack vectors—a lesson the DeFi ecosystem had already learned from prior incidents.
The community expectation that "heavily-shilled projects" would receive heightened vigilance proved unfounded, underscoring the importance of conducting independent security due diligence.