Flash Loan Attack
What is Flash Loan Attack?
A DeFi exploit that borrows a massive uncollateralised flash loan within one transaction to manipulate prices or governance and steal funds before the loan is repaid.
Flash loans, popularised by Aave and dYdX, let a borrower draw any amount of a pool's available liquidity with no collateral, on the condition that the principal plus a fee is returned before the same transaction ends; if it is not, the whole transaction reverts and the loan never took place. The loan itself is not the vulnerability. It removes the capital barrier, so any bug that only a very wealthy actor could previously exploit becomes exploitable by anyone who can pay for gas. Attackers chain flash-borrowed capital with vulnerable protocols to swing on-chain prices, manipulate AMM spot-price oracles, exploit reward or share-price formulas, or acquire enough voting power to pass and execute a malicious governance proposal. Because the entire operation runs in a single atomic transaction, the attacker risks only gas (a failed attempt simply reverts) and can compose many protocols at once. Defences include pricing assets with time-weighted average prices (TWAPs) or external oracle providers such as Chainlink rather than a pool's current reserves, snapshot-based governance that counts voting power from a block before the proposal was created, a timelock between a vote passing and its execution, reentrancy guards on state-changing functions, and invariant testing under the assumption that any caller can hold unlimited capital for one transaction. Flash-loan attacks became one of the most common DeFi exploit categories from 2020 onward.
● Examples
- 01
The bZx flash-loan incidents (February 2020) manipulated oracles to extract roughly 1 million USD.
- 02
The Beanstalk Farms attack (April 2022) used a 1 billion USD flash loan to pass a malicious governance proposal and drain about 182 million USD.
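The governance path taken in the Beanstalk example, as an added simulation written for this page in Python (it is not Beanstalk's or any other protocol's code): an attacker who holds no governance tokens flash-borrows a majority of the supply, proposes, votes and executes a treasury drain inside one transaction, then repays. The same run with the snapshot-based voting named in the definition, or with a timelock between proposal and execution, reverts. The `Governance` contract, the holder balances, the quorum rule and the treasury size are all constructed assumptions.

```python
from dataclasses import dataclass, field

SUPPLY = 1_000_000          # constructed: total GOV tokens in circulation
QUORUM = SUPPLY // 2 + 1    # constructed rule: a simple majority of supply passes


class Revert(Exception):
    """Models an EVM revert: the whole transaction is rolled back."""


@dataclass
class Governance:
    """Token-weighted governance over a treasury (hypothetical contract)."""
    balances: dict                  # live GOV balance per holder
    treasury: float
    snapshot_votes: bool            # count power from the block before the proposal
    timelock_blocks: int            # blocks that must pass between proposal and execution
    block: int = 100
    checkpoints: dict = field(default_factory=dict)   # block -> copy of balances
    proposals: dict = field(default_factory=dict)

    def next_block(self) -> None:
        """End the current block, checkpointing balances as ERC20Votes-style tokens do."""
        self.checkpoints[self.block] = dict(self.balances)
        self.block += 1

    def propose(self, payload) -> int:
        pid = len(self.proposals)
        self.proposals[pid] = {"snapshot": self.block - 1, "created": self.block,
                               "votes": 0, "payload": payload}
        return pid

    def voting_power(self, voter: str, pid: int) -> int:
        if self.snapshot_votes:     # tokens acquired in this block carry no power
            return self.checkpoints[self.proposals[pid]["snapshot"]].get(voter, 0)
        return self.balances.get(voter, 0)   # vulnerable: whatever the voter holds right now

    def vote(self, pid: int, voter: str) -> None:
        self.proposals[pid]["votes"] += self.voting_power(voter, pid)

    def execute(self, pid: int) -> None:
        p = self.proposals[pid]
        if p["votes"] < QUORUM:
            raise Revert("quorum not reached")
        if self.block < p["created"] + self.timelock_blocks:
            raise Revert("timelock has not elapsed")
        p["payload"](self)


def flash_borrow_gov(gov: Governance, lender: str, borrower: str, amount: int, callback) -> None:
    """Lend GOV tokens for one transaction; revert unless they come back."""
    gov.balances[lender] -= amount
    gov.balances[borrower] = gov.balances.get(borrower, 0) + amount
    callback()
    if gov.balances[borrower] < amount:
        raise Revert("flash loan not repaid")
    gov.balances[borrower] -= amount
    gov.balances[lender] += amount


def run_takeover(snapshot_votes: bool, timelock_blocks: int) -> dict:
    """One attacking transaction: propose, vote with borrowed tokens, execute, repay."""
    gov = Governance(balances={"lender": 600_000, "whale": 250_000, "others": 150_000},
                     treasury=10_000_000.0, snapshot_votes=snapshot_votes,
                     timelock_blocks=timelock_blocks)
    gov.next_block()                # two blocks of history so a prior-block checkpoint exists
    gov.next_block()
    stolen = {"usd": 0.0}

    def drain(g: Governance) -> None:     # the malicious proposal's payload
        stolen["usd"] += g.treasury
        g.treasury = 0.0

    def attack() -> None:
        pid = gov.propose(drain)
        gov.vote(pid, "attacker")
        gov.execute(pid)

    try:
        flash_borrow_gov(gov, "lender", "attacker", 600_000, attack)
        return {"reverted": False, "stolen": stolen["usd"], "treasury": gov.treasury}
    except Revert as err:
        return {"reverted": True, "reason": str(err), "stolen": 0.0, "treasury": gov.treasury}


if __name__ == "__main__":
    print("no defences   :", run_takeover(snapshot_votes=False, timelock_blocks=0))
    print("snapshot votes:", run_takeover(snapshot_votes=True, timelock_blocks=0))
    print("timelock only :", run_takeover(snapshot_votes=False, timelock_blocks=1))
```

Either control alone stops this particular transaction: with snapshot voting the borrowed tokens count for nothing because the attacker held none in the checkpointed block, and with a timelock the execution cannot happen in the block the vote was cast in, so the attacker would have to hold the borrowed tokens across blocks, which a flash loan does not allow. Snapshotting at the proposal's creation block also covers the variant where the proposal is created days earlier and only the vote-and-execute step is flash-funded.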
● Frequently asked questions
What is Flash Loan Attack?
A DeFi exploit that borrows a massive uncollateralised flash loan within one transaction to manipulate prices or governance and steal funds before the loan is repaid. It belongs to the Web3 & Blockchain category of cybersecurity.
What does Flash Loan Attack mean?
A DeFi exploit that borrows a massive uncollateralised flash loan within one transaction to manipulate prices or governance and steal funds before the loan is repaid.
How does Flash Loan Attack work?
A flash loan lets anyone borrow a large amount of a pool's liquidity with no collateral, as long as the principal plus a fee is returned before the same transaction ends; otherwise the transaction reverts as if nothing happened. The attacker deploys a contract that, within one transaction, takes the loan, pushes that capital through a vulnerable protocol (for example buying into an AMM pool so that a spot-price oracle reports an inflated price, or acquiring enough governance tokens to pass and execute a malicious proposal), extracts value while the protocol's state is distorted, unwinds the position and repays the loan. Because the attacker never needed to own the capital, a failed attempt costs only gas, and any protocol that was safe only because manipulation was too expensive becomes exploitable.
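The spot-oracle manipulation described in the definition above and in this answer, as an added simulation in Python (not Solidity, and not code from any protocol named on this page): a constant-product pool, a toy lending market that values collateral through an oracle, and an attacker who flash-borrows to pump the pool, borrows against the inflated collateral, unwinds and repays. Run with a spot-price oracle the attack profits and leaves the market holding bad debt; run with a TWAP built from earlier blocks the attacker cannot cover the loan and the whole transaction reverts, which is why the attacker's downside is only gas. The pool sizes, the 0.09% fee, the 75% loan-to-value ratio and the class names are constructed assumptions.

```python
from dataclasses import dataclass, field

FLASH_FEE = 0.0009   # assumed 0.09% flash-loan fee (illustrative value)
LTV = 0.75           # assumed loan-to-value limit of the lending market


class Revert(Exception):
    """Models an EVM revert: nothing the transaction did persists."""


@dataclass
class AMM:
    """Constant-product pool x * y = k holding USD and TKN (swap fee ignored)."""
    usd: float
    tkn: float

    def spot_price(self) -> float:        # TKN price in USD from the current reserves
        return self.usd / self.tkn

    def buy_tkn(self, usd_in: float) -> float:
        k = self.usd * self.tkn
        self.usd += usd_in
        out = self.tkn - k / self.usd
        self.tkn -= out
        return out

    def sell_tkn(self, tkn_in: float) -> float:
        k = self.usd * self.tkn
        self.tkn += tkn_in
        out = self.usd - k / self.tkn
        self.usd -= out
        return out


class SpotOracle:
    """Vulnerable: reports the pool's reserves as they stand mid-transaction."""
    def price(self, pool: AMM) -> float:
        return pool.spot_price()


@dataclass
class TWAPOracle:
    """Averages prices recorded at the end of earlier blocks, so nothing done
    inside the current transaction can move what it reports."""
    history: list = field(default_factory=list)

    def record(self, pool: AMM) -> None:
        self.history.append(pool.spot_price())

    def price(self, pool: AMM) -> float:
        return sum(self.history) / len(self.history)


@dataclass
class LendingMarket:
    """Lends its USD against TKN collateral valued through `oracle`."""
    pool: AMM
    oracle: object
    usd: float
    collateral: float = 0.0
    debt: float = 0.0

    def deposit_and_borrow_max(self, tkn: float) -> float:
        self.collateral += tkn
        limit = self.collateral * self.oracle.price(self.pool) * LTV
        amount = min(limit, self.usd)
        self.debt += amount
        self.usd -= amount
        return amount

    def bad_debt(self) -> float:
        """Debt left uncovered once the collateral is valued at the real price."""
        return max(0.0, self.debt - self.collateral * self.pool.spot_price())


def flash_loan(amount: float, callback) -> float:
    """Hand `amount` USD to `callback`; revert unless principal plus fee comes back."""
    repaid, leftover = callback(amount)
    if repaid < amount * (1 + FLASH_FEE):
        raise Revert("flash loan not repaid within the transaction")
    return leftover


def run_attack(oracle) -> dict:
    pool = AMM(usd=1_000_000.0, tkn=1_000_000.0)        # constructed: TKN trades at 1 USD
    if isinstance(oracle, TWAPOracle):
        for _ in range(3):                               # three earlier blocks, all at 1 USD
            oracle.record(pool)
    market = LendingMarket(pool, oracle, usd=5_000_000.0)
    loan = 10_000_000.0

    def attacker(usd: float):
        tkn = pool.buy_tkn(9_000_000.0)                  # 1. pump: TKN spot goes 1 -> 100 USD
        usd -= 9_000_000.0
        usd += market.deposit_and_borrow_max(100_000.0)  # 2. borrow against the pumped collateral
        tkn -= 100_000.0
        usd += pool.sell_tkn(tkn)                        # 3. unwind the pump
        repaid = min(usd, loan * (1 + FLASH_FEE))        # 4. repay; any shortfall reverts
        return repaid, usd - repaid

    try:
        profit = flash_loan(loan, attacker)
        return {"reverted": False, "attacker_profit": profit, "bad_debt": market.bad_debt()}
    except Revert:
        return {"reverted": True, "attacker_profit": 0.0, "bad_debt": 0.0}


if __name__ == "__main__":
    print("spot oracle:", run_attack(SpotOracle()))
    print("TWAP oracle:", run_attack(TWAPOracle()))
```

With the spot oracle the attacker walks away with roughly 4.88 million USD and the market is left with about the same amount of bad debt, backed by 100,000 TKN worth far less than the 5 million USD lent against it. With the TWAP the collateral is valued at 1 USD, the 100,000 TKN the attacker sacrificed as collateral were bought at the pumped price, and the slippage on the round trip exceeds what the market lends, so the repayment check fails and the transaction reverts. The TWAP here is a plain average of recorded spot prices; production designs (Uniswap v2/v3 style) use cumulative price accumulators, but the property that matters is the same: the oracle only sees prices from blocks that are already final.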
How do you defend against Flash Loan Attack?
Price everything the protocol relies on with a manipulation-resistant source: a TWAP taken over earlier blocks or an external oracle such as Chainlink, never the current reserves of a single AMM pool. Take governance voting power from a snapshot in a block before the proposal was created and put a timelock between a vote passing and its execution, so that tokens held for a single transaction carry no power. Guard state-changing functions against reentrancy, since a flash-loan callback is an external call into attacker-controlled code. Test invariants (share price, collateral ratios, reward accounting) with fuzzing under the assumption that any caller can command unlimited capital for one transaction, and have the economic design, not only the code, reviewed in audits.
What are other names for Flash Loan Attack?
Common alternative names include: Flash-loan exploit.
● Related terms
- web3 № 1056
Smart Contract Security
The practice of designing, reviewing, and operating on-chain programs so they cannot be exploited to steal funds, freeze logic, or violate intended business rules.
- web3 № 765
Oracle Manipulation
An attack that distorts the price or data feed used by a smart contract so the contract makes wildly wrong decisions about lending, liquidations, or settlement.
- web3 № 910
Reentrancy Attack
A smart-contract exploit where an external call lets the attacker re-enter the calling function before its state is updated, draining funds in a recursive loop.
- web3 № 675
MEV (Maximal Extractable Value)
The profit that block builders, validators, or searchers can extract by reordering, inserting, or censoring transactions within the blocks they produce.
- web3 № 1055
Smart Contract Audit
An independent security review of smart-contract source code, deployment configuration, and economic design to find vulnerabilities before launch or upgrade.
- web3 № 106
Blockchain Security
The discipline of protecting distributed ledgers, their consensus mechanisms, smart contracts, and surrounding infrastructure from compromise, fraud, and theft.
● See also
- № 435 Front-Running (Blockchain)
- № 965 Sandwich Attack
- № 300 DeFi