Flash loans allow anyone to borrow massive amounts of crypto with zero collateral, as long as the loan is repaid within the same transaction. Attackers exploit this for profit.
How Flash Loans Work (Normal Use)
- Borrow $50 million in ETH (no collateral needed)
- Use funds to execute trades/arbitrage
- Repay $50M + tiny fee in same transaction
- Keep the profit
Legitimate use: Arbitrage between exchanges in one transaction
Attack Example
The hack:
- Attacker borrows $50M in tokens
- Uses borrowed tokens to artificially pump token price
- Other contracts think price is legitimate
- Attacker liquidates positions at inflated price
- Repays flash loan
- Keeps massive profit
Real example: bZx protocol lost $1M+ in 2019 to this exact attack
Why It’s Dangerous
- Scale: Can borrow hundreds of millions instantly
- No collateral: No risk to attacker if they fail
- Atomic: All happens in one transaction (can’t stop mid-attack)
- Temporary price changes: Price feeds believe inflated prices
Current Protections
- Price oracle improvements: Better price feeds resist manipulation
- Time delays: Some functions require blocks to pass
- Collateral requirements: Less reliance on instant borrows
- Smart contract audits: Catch obvious vulnerabilities
- Circuit breakers: Protocol pauses during extreme price moves
Risks for Users
- Liquidation cascade: Flash loan pumps price, your collateral gets liquidated
- Slippage losses: Trades execute at worse prices during attack
- Contract failure: Hacked protocol can lose all funds
- No insurance: Most DeFi lacks deposit insurance
Protection Strategies
- Avoid newly deployed protocols (battle-tested protocols safer)
- Only use heavily audited smart contracts
- Keep deposits small while testing
- Monitor protocol governance for security discussions
- Use established stablecoins for less risky positions
Related articles:



