What Is a Flash Loan Attack? The DeFi Exploit That Borrows Millions Without Collateral

The Most Unusual Financial Instrument in Existence

A flash loan allows you to borrow any amount of assets from a lending pool without collateral, under one condition: the loan must be borrowed, used, and repaid within a single blockchain transaction. If the loan isn't repaid by the end of the transaction, the entire transaction reverts as if it never happened — the protocol loses nothing.

This atomic guarantee makes flash loans theoretically safe for lenders and theoretically very powerful for borrowers. In practice, the ability to temporarily access enormous capital — sometimes hundreds of millions of dollars — within a single transaction has enabled both sophisticated legitimate strategies and some of the largest exploits in DeFi history.

Legitimate Uses of Flash Loans

Flash loans are genuinely useful for several non-malicious purposes:

• Arbitrage: Buy an asset cheap on DEX A, sell it for more on DEX B, repay the flash loan, profit the spread — all in one transaction with zero initial capital
• Collateral swaps: Replace one loan's collateral with another asset atomically without closing and reopening the position
• Self-liquidation: A borrower who wants to close a leveraged position can flash-loan the borrowed amount, repay the loan, withdraw collateral, sell it to repay the flash loan

How a Flash Loan Attack Works: Step by Step

Here's a concrete example of the type of attack that drained hundreds of millions from DeFi protocols:

1. Attacker takes a flash loan of $100M USDC from Aave (zero collateral, must repay in same transaction)
2. Attacker uses the $100M to buy a large amount of TokenX in a DEX pool, dramatically pushing up TokenX's price
3. A victim protocol uses TokenX's spot price as its oracle. The artificially high price makes the attacker's small TokenX holding appear to be worth $200M as collateral
4. Attacker borrows $150M from the victim protocol against the fake-valued TokenX collateral
5. Attacker repays the flash loan ($100M + fee), netting $50M profit
6. Transaction completes; TokenX price returns to normal; victim protocol is left with worthless collateral

The entire sequence executes in one block — less than a second on Solana. By the time anyone can react, the exploit is already complete and the funds moved.

Defenses Against Flash Loan Attacks

The security community has developed robust defenses that well-audited modern protocols implement:

• No spot price oracles: Use TWAP or multi-source oracles that can't be moved by a single transaction
• Reentrancy guards: Prevent recursive calls during a transaction that spans flash loan → exploit → repay
• Single-block operations limitations: Some protocols restrict borrowing and withdrawing in the same block
• Audit and formal verification: Most flash loan attack surfaces are detectable in code review

Why This Matters for Your DeFi Safety

Flash loan attacks don't typically target individual users' wallets — they drain protocol treasuries and liquidity pools. If you're a liquidity provider in a DeFi protocol that gets flash-loan exploited, your deposited assets may be partially or fully lost. This is one of the primary reasons why "smart contract risk" is a genuine and material risk for any DeFi participation, and why protocol choice — specifically their security audit history and oracle architecture — matters so much.