Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The flash loan attack on Beanstalk Farms, an Ethereum-based algorithmic stablecoin project, caused a protocol loss of about 182 million US dollars. The specific assets include 79238241 BEAN3CRV-f, 1637956 BEANLUSD-f, 36084584 BEAN and 0.54 UNI-V2_WETH_BEAN. The attackers made over $80 million, including about 24,830 ETH and 36 million BEAN. The main cause of the attack was the absence of any time interval between voting on a proposal and executing it, so the attacker could execute a malicious proposal directly after the vote completed, without community review. Attack method (per SlowMist): Flash loan attack. Reported loss: $182,000,000.
- chain: ethereum
- protocol: Beanstalk
- bug_class: flashloan
- date_occurred: 2022-04-17
- loss_usd: $182,000,000
- source_id: sm:beanstalk::2022-04-17