Since the beginning of the year, the decentralized finance (DeFi) ecosystem has rapidly grown to more than . With this exponential growth, incentives have increased for malicious actors to manipulate and attack vulnerable DeFi protocols, often at the expense of regular users.
One of the more recent tools used in many DeFi attacks is the flash loan – a new type of financial primitive that allows users to open uncollateralized loans with the sole stipulation that the loan be paid back within the same transaction or it reverts. This is a significant departure from traditional DeFi lending, which often requires a user to over-collateralize a loan upfront.
The novelty of a flash loan is that it can temporarily make anyone in the world a very well-capitalized actor, with the potential to suddenly manipulate the market. In the recent string of attacks, we’ve seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially move a token’s price on a single exchange. This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing.
When flash loans are used as part of a larger malicious scheme to manipulate a protocol and steal its funds, the phrase “flash loan attack” becomes the hot crypto term of the week. Media outlets and Twitter influencers alike focus on the workings of the flash loan and the steps the malicious actor took to jump from protocol to protocol, all within one transaction.
But the phrase “flash loan attack” doesn’t capture the complete issue at hand. Flash loans do not create vulnerabilities within DeFi – they simply reveal vulnerabilities that already exist. “Flash loan attacks” are often just attacks on oracles, the entities that connect on-chain DeFi applications with off-chain data, such as the fair market price of a certain asset. The real systemic risk in the DeFi ecosystem is around centralized oracles, not flash loans.
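To make the distinction concrete, the following added example (not part of the original article) compares a price feed read from one exchange with a median taken across three venues when one venue absorbs a large, flash-loan-sized trade. The constant-product pool model, the 0.3% fee, the reserve sizes and all function names are assumptions constructed for illustration.

```python
from statistics import median

FEE = 0.003  # assumed swap fee (0.3%), not a figure from the article

class Pool:
    """One exchange, modelled (as an assumption) as a constant-product pool."""
    def __init__(self, token, usd):
        self.token, self.usd = float(token), float(usd)

    def spot_price(self):
        return self.usd / self.token  # USD per TOKEN implied by reserves

    def swap_usd_for_token(self, usd_in):
        eff = usd_in * (1 - FEE)                   # fee is taken from the input
        out = self.token * eff / (self.usd + eff)  # constant-product output
        self.usd += usd_in
        self.token -= out
        return out

def single_source_price(pools):
    return pools[0].spot_price()  # centralized feed: trusts one venue

def median_price(pools):
    return median(p.spot_price() for p in pools)  # aggregated feed

def outliers(pools, tolerance=0.05):
    """Monitoring check: venues whose price strays from the median."""
    mid = median_price(pools)
    return [i for i, p in enumerate(pools)
            if abs(p.spot_price() - mid) / mid > tolerance]

def simulate(trade_usd):
    # Constructed reserves: three venues, each quoting 100 USD per TOKEN.
    pools = [Pool(10_000, 1_000_000), Pool(50_000, 5_000_000),
             Pool(20_000, 2_000_000)]
    before = (single_source_price(pools), median_price(pools))
    pools[0].swap_usd_for_token(trade_usd)  # large same-transaction trade
    after = (single_source_price(pools), median_price(pools))
    moves = tuple(abs(a - b) / b for a, b in zip(after, before))
    return moves, outliers(pools)

if __name__ == "__main__":
    (single_move, median_move), flagged = simulate(1_000_000)
    print(f"single-venue feed moved {single_move:.0%}")
    print(f"median feed moved {median_move:.0%}, outlier venues: {flagged}")
```

The single-venue reading nearly quadruples while the median does not move, and the divergence check flags the manipulated venue. The loan only supplies the capital; the exposure is the feed that trusts one source.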
For those on the sidelines watching an attack unfold, there’s something fascinating about flash loans. The idea that anyone can suddenly control huge amounts of money and deploy it in novel, exotic and, yes, sometimes even malicious ways showcases how this technology can empower the individual and unlock entirely new financial instruments. Rather than analyzing the ultimate function and target of the flash loan, we instead marvel at the ingenuity of its creator and the sophistication of the attack. As a result, flash loans are increasingly characterized as a dangerous DeFi innovation.