# The Beanstalk Farms exploited

By [01dcat](https://paragraph.com/@01dcat) · 2022-04-18

---

What happened?
--------------

Basically, it came down to just two transactions:

[https://etherscan.io/tx/0xd09b72275962b03dd96205f8077fdc08bec87c0ebd07e431aadc760f31f34b01](https://etherscan.io/tx/0xd09b72275962b03dd96205f8077fdc08bec87c0ebd07e431aadc760f31f34b01) and

[https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7](https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7)

How
---

*   The relevant code is in Bean's `GovernanceFacet.sol`: [https://github.com/BeanstalkFarms/Beanstalk/blob/ee4720cdb449d5b6ff2b789083792c4395628674/protocol/contracts/farm/facets/GovernanceFacet/GovernanceFacet.sol](https://github.com/BeanstalkFarms/Beanstalk/blob/ee4720cdb449d5b6ff2b789083792c4395628674/protocol/contracts/farm/facets/GovernanceFacet/GovernanceFacet.sol)
    

![](https://storage.googleapis.com/papyrus_images/1cc707212e3474b09a1fc60c416137153d9bf81c27286b85e3461e6713b07697.png)

Basically, this means you can approve a BIP once you hold enough tokens, i.e. a 2/3 portion of the tokens.

*   BIP 18 was proposed. What is BIP 18? “Give 250,000 bean to Ukraine and 10,000 bean to the proposer.”
    

[https://etherscan.io/address/0x259a2795624b8a17bc7eb312a94504ad0f615d1e#code](https://etherscan.io/address/0x259a2795624b8a17bc7eb312a94504ad0f615d1e#code)

![](https://storage.googleapis.com/papyrus_images/030a28613528459715e836c3034f1ff5b0524549cc1c0ff20fed8732a54fce46.png)

*   Take a flash loan to get enough bean to approve the BIP with emergencyCommit and get the bean out
    
*   Vote for BIP 18, then emergencyCommit BIP 18
    
*   **HOLD ON, why would something go wrong? Let’s look back at the creation of BIP 18**
    

The proposerWallet 0xe5ecf73603d98a0128f05ed30506ac7a663dbb69 is a smart contract.

This smart contract is called from Bean and can transfer everything (bean, LP) to address 0x1c5dcdd006ea78a7e4783f9e6021c32935a10fb4.

*   This is the code: [https://etherscan.io/bytecode-decompiler?a=0xe5ecf73603d98a0128f05ed30506ac7a663dbb69](https://etherscan.io/bytecode-decompiler?a=0xe5ecf73603d98a0128f05ed30506ac7a663dbb69)
    
*   The transaction looks like this:
    

[https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f](https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f)

![](https://storage.googleapis.com/papyrus_images/1dd343baba158781bfcf8f3fe64a04faa71373d7a08257c299576e3060f5b07c.jpg)
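The governance weakness described above, as an added example that is not part of the original post and not Beanstalk's code: a simplified Python model in which the 2/3 check reads live balances, so flash-loaned tokens count, beside a variant that reads balances frozen when the proposal was created. The class and function names are hypothetical, the balances are constructed, and the snapshot variant is one common mitigation assumed here, not a fix taken from the post.

```python
# Simplified model (an assumption, not Beanstalk's contract): voting weight is
# the token balance, and an emergency commit needs a 2/3 supermajority.
from fractions import Fraction

THRESHOLD = Fraction(2, 3)  # the 2/3 portion mentioned in the post


class Governance:
    def __init__(self, balances, use_snapshot):
        self.balances = dict(balances)    # live balances: holder -> tokens
        self.use_snapshot = use_snapshot  # True selects the hardened variant
        self.snapshot = None              # balances frozen at proposal time
        self.voters = set()

    def propose(self):
        # Record who held what when the proposal was created.
        self.snapshot = dict(self.balances)

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def withdraw(self, who, amount):
        self.balances[who] -= amount

    def vote(self, who):
        self.voters.add(who)

    def can_emergency_commit(self):
        # The flawed variant counts whatever each voter holds right now.
        book = self.snapshot if self.use_snapshot else self.balances
        total = sum(book.values())
        in_favour = sum(book.get(v, 0) for v in self.voters)
        return total > 0 and Fraction(in_favour, total) >= THRESHOLD


def flash_loan_vote(use_snapshot):
    """Borrow, deposit, vote, check the threshold, repay: one transaction."""
    # Constructed balances: the proposer holds almost nothing before the loan.
    gov = Governance({"alice": 600, "bob": 400, "proposer": 1}, use_snapshot)
    gov.propose()
    gov.deposit("proposer", 3000)   # borrowed tokens become voting weight
    gov.vote("proposer")
    passed = gov.can_emergency_commit()
    gov.withdraw("proposer", 3000)  # loan repaid before the transaction ends
    return passed
```

With live balances the borrowed deposit gives the proposer 3001 of 4001 tokens and the check passes; with the snapshot the proposer counts for 1 of 1001 and it fails.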

Simple steps from [https://twitter.com/peckshield](https://twitter.com/peckshield)
------------------------------------------------------------------------------------

![](https://storage.googleapis.com/papyrus_images/815f501114430680f11cd57b6118d4fd1f756bf98e92e0014361231cc5d83ec1.jpg)

A remarkable note
-----------------

Yes. 250,000 USDC was sent to the Ukraine Crypto Donation. Thank you, hacker, while you are getting 182M USD……

_Originally published at_ [_https://01dcat.notion.site_](https://01dcat.notion.site/The-Beanstalk-Farms-exploited-4018251b67fe420a866ee2f586f804c0).

---

*Originally published on [01dcat](https://paragraph.com/@01dcat/the-beanstalk-farms-exploited)*
