A flash loan attack is a cryptocurrency exploitation technique where attackers borrow massive amounts of digital assets from DeFi lending protocols without posting collateral. Within a single blockchain transaction lasting milliseconds, the attacker uses these borrowed funds to manipulate markets or exploit smart contract vulnerabilities, then repays the loan plus a small fee before the transaction settles. This atomicity—the all-or-nothing nature of blockchain transactions—makes flash loans unique to cryptocurrency and impossible in traditional finance.
How It Works
Flash loans are borrowed and repaid inside a single transaction, so the whole operation lives within one blockchain block, typically lasting 12-15 seconds maximum. An attacker borrows funds from a liquidity pool, executes a series of trades or contract interactions designed to generate profit through price manipulation or bug exploitation, and repays the original amount plus fees before the transaction completes and the block confirms. If the repayment does not happen, the entire transaction reverts as if it never happened. This creates a borrowing opportunity that is risk-free for the borrower, and malicious actors exploit it through arbitrage, price oracle manipulation, or smart contract flaws.
Why It Matters for Investors
Flash loan attacks represent a significant risk for anyone with capital in DeFi protocols, crypto lending platforms, or cryptocurrency hedge funds. Between 2020 and 2023, flash loan exploits resulted in over $100 million in losses. If you're evaluating a crypto investment opportunity or considering an allocation to decentralized platforms, understanding this vulnerability helps you assess a protocol's security practices and resilience. Strong projects implement safeguards such as time delays on price updates and multiple pricing sources to defend against these attacks.
Example
A classic 2020 attack exploited the bZx protocol: an attacker borrowed 7,500 ETH through a flash loan, used it to manipulate the price of sUSD on decentralized exchanges, and profited from the price discrepancy before repaying the loan. The attacker earned roughly $350,000 in profit. More recent attacks have targeted the oracle systems that report asset prices: by temporarily manipulating these prices with flash loans, attackers trigger liquidations or trades that benefit their position.
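To make the safeguards mentioned above (time delays on price updates and multiple pricing sources) concrete, here is an added toy model in Python; it is not code from bZx or any other protocol. The price histories, the 75% loan-to-value cap and the one-block swing in source A are all constructed, and that swing simply stands in for the in-transaction distortion described above.

```python
from statistics import median

class SpotOracle:
    """Single DEX pool read live: a price distorted inside the current
    block is reported to any contract that asks in that same block."""

    def __init__(self, history):
        self.history = history  # block number -> pool price (constructed)

    def price(self, block):
        return self.history[block]

class RobustOracle:
    """Median of several sources, each read with a minimum age in blocks.
    Combines the two safeguards above: the delay keeps same-block readings
    out, and the median discards one source that disagrees with the rest."""

    def __init__(self, sources, delay):
        self.sources = sources
        self.delay = delay

    def price(self, block):
        readings = []
        for history in self.sources:
            eligible = [b for b in history if b <= block - self.delay]
            readings.append(history[max(eligible)])
        return median(readings)

def max_borrow(oracle, block, collateral_units, ltv=0.75):
    """Quote-asset amount a lending pool would lend against the collateral,
    valued at the oracle's price with a (constructed) 75% loan-to-value cap."""
    return oracle.price(block) * collateral_units * ltv

# Constructed histories: source A is a DEX pool whose price spikes in
# block 100 (a one-block distortion) and is back to normal in block 101.
DEX_A = {98: 10.0, 99: 10.0, 100: 40.0, 101: 10.0}
DEX_B = {98: 10.0, 99: 10.1, 100: 10.1, 101: 10.0}
FEED_C = {98: 9.9, 99: 10.0, 100: 10.0, 101: 10.0}

def compare(block=100, collateral_units=1_000):
    """Borrow limits the same collateral would get under each oracle."""
    spot = SpotOracle(DEX_A)
    robust = RobustOracle([DEX_A, DEX_B, FEED_C], delay=1)
    return max_borrow(spot, block, collateral_units), max_borrow(robust, block, collateral_units)

if __name__ == "__main__":
    spot_limit, robust_limit = compare()
    print(f"spot oracle: {spot_limit:,.0f}  robust oracle: {robust_limit:,.0f}")
```

A delay on its own still reports the spike one block later when only a single source is read, and a median on its own still depends on most sources being honest, which is why protocols combine the two.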
Key Takeaways
- Flash loan attacks are unique to blockchain-based finance and leverage the atomic nature of transactions to borrow without collateral
- Attacks typically target price oracle weaknesses or smart contract bugs rather than stealing funds outright
- Risk exists for any DeFi investor; evaluate protocols' defenses against oracle manipulation and transaction ordering attacks
- Legitimate flash loans serve valid purposes (arbitrage, liquidation), but the technology's design creates exploitation vectors that traditional finance cannot replicate