Flash Loans: Crypto Innovation or Added DeFi Risk?

User profile photo
By Kate
Estimated reading: 8mins
Flash Loans

Flash loans represent a relatively new means of financing that eliminates the deficiencies of centralized and even blockchain-based solutions. 

Getting a loan in a traditional financial system can be challenging.

Usually, there is a whole plethora of documents to submit and a long period of time to wait before you get a confirmation. 

Blockchain has significantly simplified the process.

Such platforms as Aave, Compound and Celsius make it possible to get some liquid currency such as ETH in a few clicks of a mouse. And yet, they come with their own limitations. To get funds, you still have to pledge collateral to prove your solvency and thus freeze the money until you pay back the loan.

Flash loans on blockchain take a step further and eliminate the necessity to submit any collateral at all. How does this innovation work and what pitfalls can await those who rely on this method?

Let’s take a closer look.

What is a Flash Loan?

A flash loan is a type of loan that is made available to borrowers and executed within a very short time frame, typically in seconds or minutes. Flash loans are unique in that sometimes they do not require any collateral or credit check, and they are available to anyone with an internet connection and access to a decentralized finance (DeFi) platform.

Similar to the TradFi processes, a flash loan implies borrowing assets and returning them with an interest in a risk-free manner.

However, there are a few features that make this process different:

  • Instant transactions. A borrower doesn’t need to submit any documents and wait for the approval. With flash loans, one gets the funds and returns them instantly within a single transaction. 
  • Smart contracts. These are special tools that help to ensure that all the conditions of a deal are met before transferring funds from one party to another. With flash loans, it’s not the borrower who repays the loan but the code of the program. 
  • Unsecured loan. Unlike traditional loans, flash loans do not require any collateral to ensure the repayment of debt. Thanks to smart contracts and the short time of the whole operation, borrowers return the funds straight away.

Use Cases of Flash Loans

Here comes the next logical question. What use can one make of such a loan that implies returning the funds so quickly? The key use cases include the following:

  • Arbitrage. Due to the overall inconsistency of the crypto market, assets may have different values on different exchanges. Traders who discover such opportunities may use flash loans to make profits on these differences.
  • Collateral swaps. Flash loans enable traders to swap their collaterals in a single block of transactions.
  • Self-liquidation. Users can save their funds from liquidation by closing their collateralized debts with flash loans.

Regardless of the case, the process in general looks as follows:

  1. A trader takes a flash loan in some liquid currency, e.g. DAI.
  2. He or she uses the funds for closing positions or for exchanging cryptocurrencies.
  3. Once the goal is achieved, the trader automatically returns the funds to the pool.

As mentioned earlier, all of these transactions happen almost instantaneously one after the other. It is impossible to perform all these transactions manually in such a fast manner. This is where smart contracts come to help once more. 

Developers with specific technical knowledge can build contracts that would make flash loans on their behalf. Those who don’t have the required skills can rely on out-of-the-box solutions such as Collateral Swap or DeFi Saver that can help to perform flash loans without coding.

What is Flash Loan Arbitrage?

Flash loan arbitrage is a strategy in decentralized finance (DeFi) that takes advantage of temporary market inefficiencies using flash loans. The idea is to borrow a large amount of funds for a very short period of time, typically just a few seconds or minutes, and use that capital to take advantage of price discrepancies in the market.

For example, a trader might borrow funds to purchase a token at a low price on one decentralized exchange, then quickly sell that same token on another exchange for a higher price. The trader would then repay the flash loan and keep the difference as profit.

Flash loan arbitrage can be a highly lucrative strategy, but it also comes with significant risks, as the trades must be executed quickly and accurately.

Flash Loan Attacks

As the new means of taking loans on blockchain grows in popularity, flash loan attacks become a common scenario as well. How do such attacks work?

Smart contracts represent a very nice means of automating different activities, including those related to trading processes. They reduce the need for intermediaries and help traders execute operations in a fast and cost-efficient manner. As a consequence, they can be used to break protocols.

The key challenge with smart contracts is their complexity. Developers are only humans after all, and they make mistakes that result in vulnerabilities. When discovered by hackers, these vulnerabilities may play into their hands and help them drain projects’ funds.

“In DeFi, you can't build products that don't break, you have to build things others can't break. Flash loans are an example of an efficient market trying to capture value.”

- Wallrus

Examples of Flash Loan Attacks

Some of the largest flash loan attacks in the history of cryptocurrencies include the following cases.

#1. Beanstalk Farms, 2022 - $182 million

Beanstalk is a credit-based stablecoin lending protocol running on Ethereum. The attacker exploited its governance mechanism having discovered a vulnerability after the implementation of Curve LP Silos. 

The vulnerability enabled the attacker to enforce the execution of a malicious proposal and thus drain the project’s funds. Thanks to a large sum gained via a flash loan, the attacker obtained extensive voting rights and managed to abuse the protocol.

#2. Cream Finance, 2021 - $130 million

C.R.E.A.M. Finance experienced a number of attacks throughout 2021. One of the largest heists resulted in a loss of $130 million worth of CREAM liquidity tokens. Though Etherscan added a corresponding warning to the attacker’s address, the real person standing behind this theft is yet to be found.

Just like in the case of many other protocol hacks, the attackers used the loans to manipulate the market prices. Cream Finance was collaborating closely with another lending platform Yearn Finance. The latest one remained safe and even helped Cream Finance to patch the vulnerability later on.

#3. PancakeBunny, 2021 - $200 million

The attacker got an enormous number of BNB via a flash loan and manipulated the price of the BUNNY/BNB and USDT/BNB trading pairs. The large loan enabled the hacker to obtain a big number of BUNNY tokens which he sold off immediately causing the token price to drop dramatically, from $146 to $6.17. After that, the hacker repaid his debt and disappeared with the profits.

How To Prevent Flash Loan Attacks?

For developers, there are three key ways to improve the security of their smart contracts and prevent flash loan attacks.

Flash Loans Attacks
  1. Smart contract audit. It is always useful to have a third-party review of your code. External auditors can take an unbiased look at the smart contract and highlight all the potential vulnerabilities before the project goes live on the mainnet.
  2. Decentralized pricing oracles. Most flash loan attacks rely on price manipulations. Decentralized blockchain oracles like those provided by Tellor can help to withstand them by presenting accurate pricing verified on-chain.
  3. Bug bounty programs. DeFi protocols often launch bug-hunting programs offering large bounties to those who discover any vulnerabilities. This technique has proven to be quite efficient and helped many high-profile projects improve their security.

Sad but true, even all these precautions still cannot fully guarantee the safety of your funds. As technology evolves, so do the hacker’s methods. Thus, even projects with top-notch security may fail sometimes. Therefore, if you are an investor aiming to protect your funds, you should never store all eggs in one basket and implement other best practices to reduce the chance of money losses.

Join The Leading Crypto Channel


Disclaimer:Please note that nothing on this website constitutes financial advice. Whilst every effort has been made to ensure that the information provided on this website is accurate, individuals must not rely on this information to make a financial or investment decision. Before making any decision, we strongly recommend you consult a qualified professional who should take into account your specific investment objectives, financial situation and individual needs.

User Avatar


Kate is a blockchain specialist, enthusiast, and adopter, who loves writing about complex technologies and explaining them in simple words. Kate features regularly for Liquid Loans, plus Cointelegraph, Nomics, Cryptopay, ByBit and more.

Search The Blog
Latest Video
Latest Youtube Video
Latest Podcast
Latest Podcast
Newsletter Subscribe
Share This Article
The LL Librarian

Your Genius Liquid Loans Knowledge Assistant