Flash Loan Attack

What Is a Flash Loan Attack?

Flash loan attacks are decentralized finance (DeFi) exploits in which a smart contract designed to provide flash loans is attacked in order to siphon assets stored in a particular pool. In such attacks, the malicious actor opens a loan, uses the borrowed capital to buy other assets for arbitrage, and quickly pays the loan back, keeping whatever assets remain at the end of the process as profit.

It is important to understand that this exposure can only happen within DeFi protocols, since they are permissionless and run entirely by smart contracts. While disintermediation provides many benefits, such as cost savings and censorship resistance, having no third party overseeing the uncollateralized loans provided through flash loan contracts makes DeFi platforms susceptible to such attacks.

This type of malicious activity is complex and difficult to pull off, yet there are many cases in which cybercriminals have succeeded.

Most flash loan attacks involve using borrowed capital to arbitrage assets from other DeFi protocols. For instance, in one of the bZx protocol attacks, the hacker took out a loan from a contract and immediately converted it into stablecoins. Because smart contracts act only on the data fed to them, they can be vulnerable to exploits that tamper with that data. The attacker took advantage of this by manipulating the price of the stablecoin sUSD: a large buy order drove its price to twice the value it was supposed to have. From there, he took out a bigger loan using the sUSD he had swapped for as collateral. Then he repaid all of these loans and kept the remaining assets as profit.
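The price-feed weakness in the bZx case above, as an added illustration (not code from bZx or any protocol named on this page): a constant-product pool whose spot price roughly doubles after one large buy, read once by a valuation that trusts the spot price and once by one that checks it against a time-weighted average. The pool sizes, the 10% deviation limit and all names are assumptions, and fees are ignored.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Hypothetical constant-product (x * y = k) pool: token priced in a quote asset."""
    token: float
    quote: float

    def spot_price(self) -> float:
        return self.quote / self.token

    def buy_token(self, quote_in: float) -> float:
        """Swap quote for token; returns the tokens paid out and moves the price."""
        k = self.token * self.quote
        self.quote += quote_in
        out = self.token - k / self.quote
        self.token -= out
        return out


def naive_value(amount: float, pool: Pool) -> float:
    """Weak design: collateral is valued at whatever the pool says right now."""
    return amount * pool.spot_price()


def guarded_value(amount: float, pool: Pool, history: list,
                  max_deviation: float = 0.10) -> float:
    """Hardened design: value at the time-weighted average of earlier
    observations and refuse to act when the spot price has drifted from it."""
    reference = sum(history) / len(history)
    spot = pool.spot_price()
    if abs(spot - reference) / reference > max_deviation:
        raise ValueError(f"spot {spot:.3f} vs TWAP {reference:.3f}: valuation refused")
    return amount * reference


if __name__ == "__main__":
    pool = Pool(token=1_000_000, quote=1_000_000)  # constructed sample pool
    history = [pool.spot_price()] * 10             # constructed earlier observations
    print("before:", naive_value(1_000, pool), guarded_value(1_000, pool, history))
    pool.buy_token(414_214)                        # one large buy inside the same block
    print("naive after:", round(naive_value(1_000, pool), 2))
    try:
        guarded_value(1_000, pool, history)
    except ValueError as err:
        print("guarded after:", err)
```

The averaged reference only helps if its observations come from earlier blocks, since a flash loan has to be repaid within the transaction that opened it.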

Another well-known flash loan attack occurred earlier on, on the same platform. The attacker took out a flash loan on dYdX, which is a lending DApp, and sent the capital from that flash loan to both Compound and Fulcrum. On Fulcrum, the attacker shorted ETH against Wrapped Bitcoin (WBTC), while also taking out a Compound loan of WBTC. Without getting too much into the specifics, when WBTC's price pumped due to the effects of Fulcrum acquiring WBTC, the attacker flipped their WBTC on Uniswap, repaid their own loan and got away with the leftover ETH.

In May 2021, popular Binance Smart Chain-based yield farming aggregator PancakeBunny experienced a flash loan attack as well. The flash loan attacker borrowed a large amount of BNB on PancakeBunny, thus manipulating its price against both the Binance USD stablecoin and Bunny tokens — when the flash loan hacker dumped their Bunny on the market, the price plummeted.