What Is a Flash Loan Attack in Crypto?

In traditional finance, you need money to make money. In DeFi, you can borrow millions of dollars with zero collateral, use it to exploit a vulnerability, and repay the loan in the same transaction. The whole thing takes about 12 seconds on Ethereum. If it sounds like a cheat code, that's because it kind of is.

Flash loan attacks have drained hundreds of millions of dollars from DeFi protocols. They're one of the most fascinating and destructive phenomena in crypto. And they're not going away anytime soon.

What Is a Flash Loan?

Before we talk about attacks, let's understand the tool itself. A flash loan is a loan that gets borrowed and repaid within a single blockchain transaction. No collateral needed. No credit check. No application process.

How is that possible? Because if the borrower doesn't repay the loan by the end of the transaction, the entire transaction gets reverted. It's like it never happened. The blockchain just rolls everything back. The lender is never at risk because the loan either gets repaid or it never existed.

This is only possible because of how blockchains process transactions. Everything in a single transaction happens atomically. Either all of it executes or none of it does. Flash loan protocols like Aave let you borrow millions in one step, do stuff in the middle steps, and repay in the final step.

If the repayment step fails, steps one through whatever all get unwound. The lender keeps their money. The borrower pays nothing except the gas fee for a failed transaction. Nobody loses anything.

Legitimate uses of flash loans include arbitrage (buying cheap on one exchange and selling expensive on another), self liquidation (avoiding liquidation penalties), and collateral swaps. These are perfectly fine and actually useful for DeFi.

The problem is when people use flash loans to exploit vulnerabilities in other protocols. That's when it becomes an attack.

How Flash Loan Attacks Actually Work

The general pattern looks like this:

1. Attacker borrows a massive amount of tokens through a flash loan (often $50M to $200M worth)
2. Uses those tokens to manipulate a price oracle or exploit a vulnerability in a DeFi protocol
3. Profits from the manipulation
4. Repays the flash loan
5. Keeps the profit

All of this happens in one transaction. The attacker starts with almost nothing and ends with millions. The protocol they exploited ends up drained.

Let me walk through the most common attack vectors.

Oracle Manipulation

Many DeFi protocols use on-chain price feeds to determine token values. Some protocols use the price on a specific DEX pool as their oracle. This is dangerous because a flash loan can temporarily manipulate that price.

Example: A lending protocol uses the ETH/USDC price on a specific Uniswap pool to determine collateral values. The attacker borrows $100 million of USDC through a flash loan, dumps it all into that Uniswap pool, crashing ETH's price on that specific pool. The lending protocol now thinks ETH is worth much less. The attacker can then borrow against their ETH at the artificially low price, extract more than they should be able to, repay the flash loan, and walk away with the difference.

The real ETH price on other exchanges didn't change. Only the price on that specific pool that the protocol was using as an oracle. But that was enough.

Governance Attacks

Some DeFi protocols let token holders vote on changes. If voting power is based on current token holdings, a flash loan can temporarily give someone enormous voting power.

The attacker borrows millions of governance tokens, votes on a malicious proposal (like "send all treasury funds to this address"), and repays the loan. If the proposal executes within the same transaction, the attacker just stole the treasury.

Most protocols have since added time delays to governance to prevent this. But in the early days of DeFi, several protocols were vulnerable.

Reentrancy Combined with Flash Loans

Reentrancy is a smart contract bug where a contract can be called repeatedly before it finishes processing the first call. When combined with flash loans, the attacker can amplify the exploit by starting with a much larger amount than they actually own.

The classic reentrancy attack might steal $50,000 from a vulnerable contract. Add a flash loan that provides $50 million in starting capital, and the same reentrancy bug can drain the entire protocol.

Famous Flash Loan Attacks

bZx (February 2020)

One of the first major flash loan attacks. The attacker borrowed ETH through a flash loan, used it to manipulate the price on Uniswap, then exploited bZx's margin trading platform to profit from the manipulated price. Total profit: about $350,000 in the first attack, followed by a $600,000 follow up attack days later.

This was the attack that put flash loans on the map. Before bZx, most people didn't even know flash loans existed.

Pancake Bunny (May 2021)

The attacker used a flash loan to borrow a massive amount of BNB, manipulated the price of BUNNY token through Pancake Bunny's flawed price calculation, and extracted about $45 million. The BUNNY token price crashed from $150 to $6 in minutes.

Cream Finance (October 2021)

A $130 million flash loan attack that exploited Cream Finance's price oracle for a wrapped token. The attacker manipulated the oracle to inflate the value of a token they held, used it as collateral to borrow $130 million in other tokens, and drained the protocol.

Cream Finance was attacked three times in 2021 for a combined loss of over $180 million. They eventually shut down their lending service.

Euler Finance (March 2023)

The largest flash loan attack to date: $197 million stolen from Euler Finance's lending protocol. The attacker exploited a bug in Euler's donation function that allowed them to artificially inflate collateral values.

In a surprising twist, the attacker later returned most of the funds after Euler negotiated with them. But that's not the typical outcome.

Why Flash Loan Attacks Keep Happening

You'd think after dozens of high profile attacks, protocols would have figured this out. Some have. But new ones keep falling victim for a few reasons.

New protocols launch constantly. DeFi moves fast. New lending protocols, new DEXs, and new yield aggregators launch every week. Many of them are forks of existing protocols with modifications that introduce new vulnerabilities. And many don't get thorough security audits before launching.

Composability creates unexpected interactions. DeFi protocols interact with each other in complex ways. A protocol might be secure in isolation but vulnerable when combined with another protocol in a specific sequence. Flash loans make it possible to test these combinations with massive amounts of capital at zero risk to the attacker.

Price oracle design is hard. Getting accurate, manipulation resistant price data on-chain is genuinely difficult. Chainlink oracles have largely solved this for major tokens, but many smaller protocols still use on-chain price feeds that can be manipulated.

Audits aren't perfect. Even protocols that pay for professional security audits get exploited. Auditors check for known vulnerability patterns, but novel attack vectors emerge constantly. Some attacks combine multiple small issues that individually seem harmless but together create an exploit.

How to Protect Yourself

As a regular DeFi user, you can't prevent flash loan attacks. But you can reduce your exposure.

Use established protocols. Aave, Compound, and MakerDAO have survived multiple market cycles and attack attempts. Their code has been battle tested. Newer protocols haven't earned that trust yet.

Check audit reports. Before depositing into any protocol, check if it's been audited and by whom. Audits from Trail of Bits, OpenZeppelin, and Consensys Diligence carry more weight than unknown firms. But remember, audits reduce risk. They don't eliminate it.

Diversify across protocols. Don't put all your DeFi capital in one protocol. If that protocol gets exploited, you lose everything. Spread your deposits across multiple protocols and chains.

Follow DeFi security accounts. Accounts like @PeckShieldAlert, @SlowMist_Team, and @BlockSecTeam on Twitter post real time alerts when attacks happen. If a protocol you're using gets hit, minutes matter. The faster you can withdraw remaining funds, the better.

Look for insurance. Protocols like Nexus Mutual offer DeFi insurance against smart contract exploits. The premiums are usually 2% to 5% per year. If you have significant capital in DeFi, the insurance is worth considering.

Flash loan attacks are one of the most unique risks in DeFi. They can't happen in traditional finance because you can't borrow $100 million with no collateral and no approval process. They exist because of blockchain's unique properties: atomic transactions, public mempools, and permissionless lending.

They're brilliant in their design and devastating in their impact. And until DeFi security matures significantly, they'll keep happening. Be aware. Be cautious. And never assume any protocol is too big to be exploited.