Flash Loan Attacks: DeFi Exploit Risk
Money101

Flash Loan Attacks: DeFi Exploit Risk

Flash loan attacks explained: how attackers borrow massive crypto amounts without collateral to exploit DeFi protocols.

2 min read

Flash loans allow anyone to borrow massive amounts of crypto with zero collateral, as long as the loan is repaid within the same transaction. Attackers exploit this for profit.

How Flash Loans Work (Normal Use)

  1. Borrow $50 million in ETH (no collateral needed)
  2. Use funds to execute trades/arbitrage
  3. Repay $50M + tiny fee in same transaction
  4. Keep the profit

Legitimate use: Arbitrage between exchanges in one transaction

Attack Example

The hack:

  1. Attacker borrows $50M in tokens
  2. Uses borrowed tokens to artificially pump token price
  3. Other contracts think price is legitimate
  4. Attacker liquidates positions at inflated price
  5. Repays flash loan
  6. Keeps massive profit

Real example: bZx protocol lost $1M+ in 2019 to this exact attack

Why It’s Dangerous

  • Scale: Can borrow hundreds of millions instantly
  • No collateral: No risk to attacker if they fail
  • Atomic: All happens in one transaction (can’t stop mid-attack)
  • Temporary price changes: Price feeds believe inflated prices

Current Protections

  1. Price oracle improvements: Better price feeds resist manipulation
  2. Time delays: Some functions require blocks to pass
  3. Collateral requirements: Less reliance on instant borrows
  4. Smart contract audits: Catch obvious vulnerabilities
  5. Circuit breakers: Protocol pauses during extreme price moves

Risks for Users

  • Liquidation cascade: Flash loan pumps price, your collateral gets liquidated
  • Slippage losses: Trades execute at worse prices during attack
  • Contract failure: Hacked protocol can lose all funds
  • No insurance: Most DeFi lacks deposit insurance

Protection Strategies

  1. Avoid newly deployed protocols (battle-tested protocols safer)
  2. Only use heavily audited smart contracts
  3. Keep deposits small while testing
  4. Monitor protocol governance for security discussions
  5. Use established stablecoins for less risky positions

Related articles:

Editor's Picks

CURATED CONTENT