Flash loans have become a primary attack vector for malicious actors looking to exploit DeFi protocols, and such attacks are on the rise.
A flash loan is a crypto loan that is borrowed and repaid within the same transaction. Under normal circumstances, it enables quick collateral swaps. It can also be used for arbitrage trading and to save on transaction fees. DeFi lending platform Aave pioneered and promoted this concept in 2020.
However, this method is increasingly used by malicious actors to exploit loopholes in some DeFi protocols.
In traditional finance, obtaining a loan requires burdensome paperwork and proof of identity and income. In DeFi, anyone can take one out. These loans are often uncollateralized, which means the borrower does not have to put any of their own assets at risk.
Flash loans rely on smart contracts, which prevent funds from moving unless certain criteria are met. If the borrower does not repay the loan before the transaction ends, the smart contract reverts the transaction.
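The repay-or-revert rule described above can be modelled in a few lines. This is an added example, not code from Aave or any protocol named in this article; the ledger, the account names and the 0.09% fee are assumptions made for illustration.

```python
class Reverted(Exception):
    """The transaction was rolled back."""

class Ledger:
    """Toy token ledger, account -> balance (constructed model, not a real chain)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.balances.get(src, 0) < amount:
            raise Reverted(f"{src} cannot send {amount}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def flash_loan(ledger, pool, borrower, amount, fee_bps, callback):
    """Lend, run the borrower's callback, then require principal plus fee back
    in the pool. Any failure restores the snapshot, as a revert would."""
    snapshot = dict(ledger.balances)
    owed = ledger.balances[pool] + amount * fee_bps // 10_000
    try:
        ledger.transfer(pool, borrower, amount)
        callback(ledger, amount)           # borrower's arbitrary logic
        if ledger.balances[pool] < owed:
            raise Reverted("loan not repaid with fee")
    except Exception:
        ledger.balances = snapshot         # undo every state change
        raise
    return ledger.balances[pool]

def run_demo():
    fee_bps = 9                            # assumed fee (0.09%), illustration only
    ledger = Ledger({"pool": 1_000_000, "alice": 1_000, "bob": 0})

    def repays(l, amount):                 # returns principal plus fee
        l.transfer("alice", "pool", amount + amount * fee_bps // 10_000)

    def keeps_funds(l, amount):            # moves the loan away, never repays
        l.transfer("alice", "bob", amount)

    pool_after = flash_loan(ledger, "pool", "alice", 500_000, fee_bps, repays)
    try:
        flash_loan(ledger, "pool", "alice", 500_000, fee_bps, keeps_funds)
        reverted = False
    except Reverted:
        reverted = True
    return pool_after, reverted, dict(ledger.balances)

if __name__ == "__main__":
    print(run_demo())
```

The second loan leaves no trace in the ledger: the pool's only guarantee is its own balance at the end of the transaction, so the lender itself is not what loses money in the incidents below.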
QuickSwap the latest victim
Flash loans have gotten a bad reputation over the years as they have been used to attack multiple DeFi protocols.
Polygon-based decentralized exchange (DEX) QuickSwap has become the latest victim of this attack vector. The platform lost $220,000 in an exploit on October 24. The DEX blamed a vulnerability in a Curve oracle that Market XYZ was using.
Additionally, the QiDao protocol provided seed funding for the market. Reportedly no QuickSwap user funds were compromised.
2021 was also a big year for flash loan attacks. Exploiters stole millions of dollars from multiple protocols. These include Cream Finance, Impossible Finance, Bogged Finance, PancakeBunny, Bearn, Spartan and Ear Finance.
Biggest Flash Loan Exploits in 2022
DeFiYield’s Rekt database lists a total of 56 flash loan attacks, including several million-dollar-plus hacks in 2022. These include Nirvana Finance, New Free DAO, Inverse Finance, DEUS Finance, Elephant Money and OneRing. Beanstalk lost $181 million in April in the biggest flash loan exploit this year.
According to Chainalysis, October (jokingly known as ‘Hacktober’) has been the biggest month in history for hacks and crypto exploits.
Money has also been stolen from DeFi platforms through economic design flaws. The most recent was the $116 million Mango Markets theft earlier this month, when an attacker manipulated token prices using perpetual futures.