BTC

$64367.35

0.20%

ETH

$3141.373

-0.46%

BNB

$609.823

0.68%

XRP

$0.531

0.66%

Glossary

Flash Loan Attack

November 21, 2023 - Around 2 mins mins to read

Understanding Flash Loan Attacks

A flash loan attack is a type of exploit in decentralized finance (DeFi) that targets a specific pool by draining assets through a smart contract designed for flash loans. In these attacks, the malicious actor borrows capital through a loan, uses it to purchase other assets through arbitrage, and quickly repays the loan, ultimately profiting from the remaining assets.

It is important to note that flash loan attacks can only occur within DeFi protocols, as they operate in a permissionless manner and rely solely on smart contracts. While the absence of intermediaries offers advantages such as cost savings and resistance to censorship, it also makes DeFi platforms vulnerable to such attacks.

Executing a flash loan attack is a complex and challenging task, but cybercriminals have successfully carried out numerous cases.

Typically, flash loan attacks involve leveraging borrowed capital to arbitrage assets from other DeFi protocols. For instance, in the bZx protocol attack, the hacker borrowed a loan from a contract and promptly converted it into stablecoins. By manipulating the price of the stablecoin sUSD through a large buy order, the attacker inflated its value. Subsequently, the attacker obtained a larger loan using the manipulated sUSD as collateral, repaid all loans, and profited from the remaining assets.

Another notable flash loan attack occurred earlier on the same platform. The attacker took out a flash loan on dYdx, a lending DApp, and transferred the capital to both Compound and Fulcrum. On Fulcrum, the attacker shorted ETH against Wrapped Bitcoin (WBTC) while simultaneously taking out a Compound loan of WBTC. By exploiting the price increase of WBTC caused by Fulcrum’s acquisition, the attacker sold their WBTC on Uniswap, repaid the loans, and escaped with the surplus ETH.

In May 2021, PancakeBunny, a popular yield farming aggregator on the Binance Smart Chain, became a victim of a flash loan attack. The attacker borrowed a significant amount of BNB on PancakeBunny, manipulating its price in relation to the Binance USD stablecoin and Bunny tokens. By dumping their Bunny tokens on the market, the attacker caused a sharp price drop.

Avatar of Coincu

Author

Coincu

Glossary

Flash Loan Attack

Understanding Flash Loan Attacks

A flash loan attack is a type of exploit in decentralized finance (DeFi) that targets a specific pool by draining assets through a smart contract designed for flash loans. In these attacks, the malicious actor borrows capital through a loan, uses it to purchase other assets through arbitrage, and quickly repays the loan, ultimately profiting from the remaining assets.

It is important to note that flash loan attacks can only occur within DeFi protocols, as they operate in a permissionless manner and rely solely on smart contracts. While the absence of intermediaries offers advantages such as cost savings and resistance to censorship, it also makes DeFi platforms vulnerable to such attacks.

Executing a flash loan attack is a complex and challenging task, but cybercriminals have successfully carried out numerous cases.

Typically, flash loan attacks involve leveraging borrowed capital to arbitrage assets from other DeFi protocols. For instance, in the bZx protocol attack, the hacker borrowed a loan from a contract and promptly converted it into stablecoins. By manipulating the price of the stablecoin sUSD through a large buy order, the attacker inflated its value. Subsequently, the attacker obtained a larger loan using the manipulated sUSD as collateral, repaid all loans, and profited from the remaining assets.

Another notable flash loan attack occurred earlier on the same platform. The attacker took out a flash loan on dYdx, a lending DApp, and transferred the capital to both Compound and Fulcrum. On Fulcrum, the attacker shorted ETH against Wrapped Bitcoin (WBTC) while simultaneously taking out a Compound loan of WBTC. By exploiting the price increase of WBTC caused by Fulcrum’s acquisition, the attacker sold their WBTC on Uniswap, repaid the loans, and escaped with the surplus ETH.

In May 2021, PancakeBunny, a popular yield farming aggregator on the Binance Smart Chain, became a victim of a flash loan attack. The attacker borrowed a significant amount of BNB on PancakeBunny, manipulating its price in relation to the Binance USD stablecoin and Bunny tokens. By dumping their Bunny tokens on the market, the attacker caused a sharp price drop.

Visited 53 times, 1 visit(s) today

Leave a Reply