Attacker used flash loan to acquire 67% voting power and pass a malicious governance proposal in a single block.
The attacker borrowed $1B+ in a flash loan to acquire 67% of Beanstalk's governance tokens (Stalk). With this supermajority, they passed a malicious BIP (Beanstalk Improvement Proposal) that transferred all protocol assets to their address. The governance mechanism allowed immediate execution with no time-lock, making this attack possible in a single Ethereum block.
Profits converted to ETH and funneled through Tornado Cash. USDC donation of $250K made to Ukraine relief by attacker on-chain. Attacker's identity never definitively established. The attack exploited the absence of a governance time-lock — a design flaw since corrected in most protocols.
0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33652