A flash loan attack is a type of exploit in decentralized finance (DeFi) that targets a specific pool by draining assets through a smart contract designed for flash loans. In these attacks, the malicious actor borrows capital through a loan, uses it to purchase other assets through arbitrage, and quickly repays the loan, ultimately profiting from the remaining assets.
It is important to note that flash loan attacks can only occur within DeFi protocols, as they operate in a permissionless manner and rely solely on smart contracts. While the absence of intermediaries offers advantages such as cost savings and resistance to censorship, it also makes DeFi platforms vulnerable to such attacks.
Executing a flash loan attack is a complex and challenging task, but cybercriminals have successfully carried out numerous cases.
Typically, flash loan attacks involve leveraging borrowed capital to arbitrage assets from other DeFi protocols. For instance, in the bZx protocol attack, the hacker borrowed a loan from a contract and promptly converted it into stablecoins. By manipulating the price of the stablecoin sUSD through a large buy order, the attacker inflated its value. Subsequently, the attacker obtained a larger loan using the manipulated sUSD as collateral, repaid all loans, and profited from the remaining assets.
Another notable flash loan attack occurred earlier on the same platform. The attacker took out a flash loan on dYdx, a lending DApp, and transferred the capital to both Compound and Fulcrum. On Fulcrum, the attacker shorted ETH against Wrapped Bitcoin (WBTC) while simultaneously taking out a Compound loan of WBTC. By exploiting the price increase of WBTC caused by Fulcrum’s acquisition, the attacker sold their WBTC on Uniswap, repaid the loans, and escaped with the surplus ETH.
In May 2021, PancakeBunny, a popular yield farming aggregator on the Binance Smart Chain, became a victim of a flash loan attack. The attacker borrowed a significant amount of BNB on PancakeBunny, manipulating its price in relation to the Binance USD stablecoin and Bunny tokens. By dumping their Bunny tokens on the market, the attacker caused a sharp price drop.
LayerZero Labs collaborates with Chaos Labs and Nansen to conduct a LayerZero sybil detection report…
MicroStrategy Bitcoin holdings are now more than any country, with 214,400 BTC worth $13.6 billion.
The highly anticipated Bitcoin Seoul 2024 conference is gearing up to be a revolutionary event…
As an experimental festival, Non-Fungible Conference aims to revolutionize event frameworks, offering attendees a glimpse…
Blockchain Week Rome 2024 is set to unite the Italian and international crypto communities in…
The eagerly anticipated BlockSplit conference, a premier gathering for blockchain enthusiasts, is set to take…
This website uses cookies.