CoinClear

Bean (Beanstalk)

2.8/10

Credit-based stablecoin that lost $182M in a flash loan governance attack — rebuilt by community but carries permanent trust deficit and unproven peg mechanism.

Updated: February 16, 2026AI Model: claude-4-opusVersion 1

Overview

Beanstalk is a decentralized credit-based stablecoin protocol that issues Bean, a dollar-pegged token. Unlike collateralized stablecoins (DAI, FRAX) or algorithmic stablecoins backed by seigniorage tokens (UST/LUNA), Beanstalk uses a credit system where the protocol issues debt ("Soil") when Bean trades below peg and absorbs demand when Bean trades above peg. The system relies on rational economic actors lending to the protocol during contractions in exchange for future repayment with interest ("Pods").

The protocol was created by an anonymous team (pseudonymous founder "Publius") and launched in August 2021. It grew rapidly, reaching over $100M in deposited value by early 2022. Beanstalk's credit-based approach was genuinely novel — neither pure algorithmic (no burn/mint seigniorage) nor collateralized (no locked assets), but debt-based, similar to how central banks use interest rates to manage currency supply.

On April 17, 2022, Beanstalk suffered one of DeFi's most sophisticated attacks. An attacker used a flash loan to borrow enough BEAN and deposited value to gain majority governance power, then passed a malicious governance proposal that drained the protocol of approximately $182 million. The attack exploited a critical vulnerability: Beanstalk's governance allowed proposals to execute immediately after passing a supermajority threshold, with no timelock delay. The attacker borrowed governance power, voted, executed, and repaid the flash loan — all in one transaction.

The community rebuilt Beanstalk after the exploit, removing the governance vulnerability and implementing a timelock. The protocol was "Replanted" in August 2022, with depositors receiving "Unripe" tokens representing their claims on future protocol recovery. Beanstalk continues to operate but at a fraction of its former scale, carrying the weight of one of DeFi's most spectacular failures.

Peg Stability

Bean's peg mechanism is unique and experimental. When Bean trades above $1, the protocol mints new Beans and distributes them to Silo depositors (liquidity providers) and Pod holders. When Bean trades below $1, the protocol offers Soil (debt) — users can lend Beans to the protocol in exchange for Pods (future Bean claims) at an interest rate set by market conditions.

This credit-based peg mechanism has shown mixed results. In favorable conditions, the system maintains peg reasonably well through the supply expansion (above peg) and credit contraction (below peg) cycle. However, the system has experienced extended periods off-peg, particularly after the exploit when confidence was shattered.

The fundamental risk of an uncollateralized, credit-based peg is a confidence crisis: if lenders lose faith that the protocol will honor future Pod redemptions, no one lends during contractions, and the peg breaks permanently. This is analogous to a central bank losing credibility — the mechanism only works while participants believe it works. Post-exploit, this confidence challenge is acute.

Collateralization

Beanstalk is intentionally uncollateralized. The protocol does not hold reserves backing Bean; instead, Bean's value is supported by the protocol's creditworthiness — the market's willingness to lend to Beanstalk during contractions in exchange for future repayment.

This design is philosophically interesting but practically risky. Every other surviving stablecoin of meaningful size is backed by collateral (fiat for USDC/USDT, crypto for DAI, mixed for FRAX). Uncollateralized designs (Terra/UST, Empty Set Dollar, Basis Cash) have uniformly failed at scale. Beanstalk's credit mechanism is different from pure algorithmic designs, but the absence of collateral means there is no floor — if confidence collapses, Bean goes to zero.

The "Unripe" tokens from the post-exploit rebuild represent a form of protocol debt, further illustrating the credit-based nature: depositors are essentially creditors waiting for the protocol to generate enough value to repay them.

Security

The April 2022 exploit is the defining event of Beanstalk's history. The $182 million governance attack was executed through a single transaction:

  1. The attacker deployed a malicious governance proposal (BIP-18) that would transfer all Beanstalk assets to the attacker's wallet.
  2. Using Aave flash loans, the attacker borrowed massive amounts of tokens, converted them to Bean and deposited value in the Silo, gaining overwhelming governance power.
  3. The attacker voted for BIP-18 with their flash-loaned governance weight, reaching supermajority.
  4. Because Beanstalk had no timelock, the proposal executed immediately within the same transaction.
  5. The attacker received all protocol assets, repaid the flash loans, and profited approximately $80M (the rest was protocol value destroyed).

The vulnerability was fundamental: governance without a timelock is an invitation for flash loan attacks. Post-rebuild, Beanstalk implemented a governance timelock (Beanstalk Improvement Proposal Commit mechanism) that requires proposals to pass a waiting period before execution, preventing single-transaction governance attacks.

While the specific vulnerability has been fixed, the exploit revealed deeper concerns about the complexity and attack surface of novel DeFi protocols. The rebuilt Beanstalk has undergone additional audits, but the reputational damage is permanent.

Decentralization

Beanstalk's decentralization is one of its genuine strengths. The protocol operates through on-chain governance with no admin keys or privileged roles. The post-exploit rebuild was led by the community through a transparent process. The anonymous founder ("Publius") has not retained special powers, and protocol changes require governance approval.

The Beanstalk Community Multisig (BCM) temporarily holds certain emergency powers during the recovery period, with explicit plans to dissolve as the protocol matures. The governance process, while previously exploited, now includes proper timelocks and quorum requirements.

The community-led rebuild after a $182M exploit is itself a testament to decentralized governance — the protocol survived the destruction of its treasury and the apparent disappearance of its anonymous founder through community coordination alone.

Adoption

Beanstalk's adoption is modest. Post-rebuild TVL has fluctuated in the tens of millions — a fraction of the pre-exploit level. Bean's circulation is limited, and DeFi integrations are minimal. The protocol has a small but dedicated community of believers in the credit-based stablecoin model.

The exploit created a permanent trust deficit that limits adoption. Rational DeFi participants evaluating stablecoin risk will always note Beanstalk's $182M loss, regardless of post-rebuild improvements. Growing beyond the current community requires overcoming this trust barrier, which may prove impossible.

Risk Factors

  • $182M exploit history — one of the largest DeFi exploits permanently marks the protocol.
  • Uncollateralized design — no asset backing means no floor value for Bean.
  • Confidence dependency — peg mechanism requires ongoing market belief in protocol creditworthiness.
  • Unripe token overhang — legacy claims from exploit victims create future obligations.
  • Small TVL — limited adoption constrains protocol revenue and resilience.
  • Experimental mechanism — credit-based peg is unproven at scale.
  • Anonymous founder — "Publius" identity unknown, creating accountability gaps.
  • Smart contract risk — novel protocol design means less battle-tested code.

Conclusion

Beanstalk is one of DeFi's most fascinating and tragic projects. The credit-based stablecoin mechanism is genuinely innovative — a novel approach to the stablecoin trilemma that relies on protocol creditworthiness rather than collateral. The $182M flash loan governance attack was one of the most sophisticated DeFi exploits ever executed, and the community-led rebuild is equally impressive. The 2.8 score reflects innovation and resilience weighed against catastrophic security failure, an unproven peg mechanism, and the permanent trust deficit from the exploit. Beanstalk is worth studying but carries extreme risk for any significant capital allocation.

Sources