Yesterday (17), Beanstalk Farms, a stablecoin protocol based on Ethereum (ETH), suffered a $182 million hit.

The attack was reported on Twitter by blockchain security firm PeckShield, which said the criminal took about $80 million worth of cryptocurrencies, but the losses suffered by the protocol were much greater.

As a result of the attack, the market for Beanstalk’s stablecoin, BEAN, collapsed. According to CoinGecko, the token plummeted 86% and lost its parity with the US Dollar, dropping below $0.20.

When CoinDesk contacted Beanstalk, the company pointed to a post on its Discord server that summarized the attack.

According to this summary, the criminal took out a flash loan (unsecured loan) on the Aave platform, which allowed him to amass a huge amount of Beanstalk’s native governance token, Stalk. With the voting power these tokens provided, he was able to pass a malicious governance proposal that took all the funds out of the protocol and put them in a personal Ethereum wallet.

“Beanstalk did not use a flash loan-resistant measure to determine the % of Stalk that voted in favor of the Bitcoin Improvement Proposal (BIP). This allowed the hacker to exploit Beanstalk,” the post stated.
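
The gap the post describes, counting Stalk from live balances instead of balances fixed before the vote, can be seen in a simplified model. This is an added example, not Beanstalk's code or part of the original article; `StalkLedger`, `share_in_favor`, the holder names and all amounts are constructed for illustration.

```python
# Simplified model; class and function names are illustrative, not Beanstalk's.
from bisect import bisect_right
from collections import defaultdict

class StalkLedger:
    """Toy governance-token ledger that checkpoints every balance change by block."""
    def __init__(self):
        self.block = 1
        self._bal = defaultdict(lambda: [(0, 0)])  # holder -> [(block, balance), ...]
        self._supply = [(0, 0)]                    # [(block, total supply), ...]

    def mine(self, blocks=1):
        self.block += blocks

    def credit(self, holder, amount):
        """Apply a deposit (positive) or withdrawal (negative) in the current block."""
        self._bal[holder].append((self.block, self._bal[holder][-1][1] + amount))
        self._supply.append((self.block, self._supply[-1][1] + amount))

    @staticmethod
    def _at(history, block):
        # Last checkpoint written at or before `block`.
        return history[bisect_right(history, (block, float("inf"))) - 1][1]

    def balance_at(self, holder, block):
        return self._at(self._bal[holder], block)

    def supply_at(self, block):
        return self._at(self._supply, block)

def share_in_favor(ledger, voters, block):
    """Fraction of all Stalk held by `voters`, measured at `block`."""
    return sum(ledger.balance_at(v, block) for v in voters) / ledger.supply_at(block)

def scenario():
    """Constructed data: two long-term holders, one same-block borrowed deposit."""
    ledger = StalkLedger()
    ledger.credit("alice", 600)
    ledger.credit("bob", 400)
    ledger.mine(100)
    snapshot = ledger.block - 1                # fixed before the voting block
    ledger.credit("borrower", 9_000)           # stake funded by a loan repaid this block
    spot = share_in_favor(ledger, ["borrower"], ledger.block)  # weak: live balances
    hardened = share_in_favor(ledger, ["borrower"], snapshot)  # snapshot balances
    ledger.credit("borrower", -9_000)          # loan unwound before the block ends
    return spot, hardened

if __name__ == "__main__":
    print("spot share %.2f, snapshot share %.2f" % scenario())
```

Measured from live balances the borrowed deposit holds 90% of the vote; measured at the earlier snapshot block it holds none, which is the property a governance regression test should assert.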

The company’s smart contracts were vetted by blockchain security firm Omniscia. However, according to a post-mortem published yesterday by the company, the audit was completed before the flash loan vulnerability was introduced.

Beanstalk did not provide details on a possible refund of the funds, noting that more news would be broadcast at an event scheduled for next Sunday.

According to PeckShield, the criminal appears to have donated $250,000 of the stolen funds to a Ukraine support wallet.

This is the latest of the attacks on decentralized finance (DeFi) in recent weeks. In March, Axie Infinity’s Ronin Blockchain lost $625 million in a scam that the US government said was linked to North Korea.

