Flash Loans, a concept that heavily revolutionized the ideas and the confidence individuals had in mind with regards to developing full-fledged financial systems in the form of currency you cannot even touch, cryptocurrency. While yes, the underlying Blockchain technology has been quite successful in allowing the functioning of such protocols, has it really been successful in ensuring nothing goes wrong?
Well, not only to answer that question by illustrating how flash loans work themselves but also by looking into where there are opportunities for exploitation, we come to the point of flash loan attacks. As this is the prime focus of the article which follows, flash loan attacks are going to be discussed in heavy detail. Moreover, to ensure there is an element of organization and structure, we need to divide the complicated topic up into segments.
The article is hence going to discuss and explore the idea of flash loan attacks in the following order.
- DeFi
- What are Flash Loan Attacks?
- Case Studies
- Why are Flash Loan attacks increasing?
As this article deals heavily with flash loan attacks, it is imperative to ensure the reader has a good grasp on what DeFi technology is, as flash loan attacks are a phenomenon that comes as part of a disadvantage DeFi has with its current state.
DeFi
Decentralized Finance is, as the name suggests, an ecosystem of applications based on the decentralized technology we now associate with popular cryptocurrencies such as bitcoin, Ethereum, and so on. However, decentralized Finance is not based on any ONE of the aforementioned cryptocurrencies. Rather it is based on the one technology which is shared amongst all major popular cryptocurrencies; Blockchain.
Blockchain technology is what is forming the basis of all features people identify as advantages in the cryptocurrency industry. No matter it is the anonymity or the fact that the currency is not controlled by a handful few, Blockchain technology is what enables cryptocurrencies to function. Now let’s define what the general concept of Blockchain is so we have a better understanding of not just DeFi, but by extension, flash loan attacks themselves.
Blockchain technology is based on the idea that currencies can exist outside the handling of banks, with no singular entity overlooking the transactions. Instead, a number of entities do so, which anybody can apply to be. Blockchain technology hence processes transactions and data processing by handing the tasks out to users who have agreed to do the task. This allows the existence of a ledger that is public; it is accessible by everyone at any time and is hence incorruptible.
When applications are built on this technology, it usually means that the processing of data is handled by not one entity but many, ensuring there is an element of trust between the application’s users and its data usage methods.
Moreover, Blockchain technology also allows complicated application data processing to be done faster as large chunks of data which has to be processed are divided into smaller chunks and are sent to be processed by different individuals all around. Hence, DeFi allows for applications to be made whose code is transparent, accessible, and in many cases unchangeable.
However, things can go wrong. Very wrong. As this is the sphere of programming, and no matter how expensive a lock you buy, there will always be someone skilled enough to pick it; there are many who have figured out how to manipulate the system for their own profit. In doing so, they end up hurting more and more people every day, and this is where the main focus of the article lies; flash loan attacks.
What are Flash Loan Attacks?
Starting off with the phrase itself, “flash loan attacks” introduce us to the idea of flash loans themselves. Referring to the many cases where DeFi technology has evolved to bring about huge changes in the financial ecosystem, we have the idea of uncollateralized loans, which is what flash loans essentially are. Flash loans are loans that are issued across the ecosystem set up by DeFi, which can be granted requiring no collateral whatsoever. They are based on the Ethereum network.
Some can say that Flash Loans was a stride in the movement towards the creation of a financial system that is transparent and decentralized, pushing out centralized institutions such as banks out of the handling and processing of loans.
Looking towards how they work on a technical scale, flash loans use smart contracts. Smart Contracts are bits of code in the programming of a wide array of decentralized applications which allow for a certain task to only be executed if certain conditions are met. In this case, funds do not transfer unless specific conditions on both ends of the transferring parties are met. The person who has taken the loan, who is the borrower, in this case, has to return back the loan before the transaction ends, and hence, this enables the borrow-lending process to take place efficiently and quickly without requiring any collateral.
Flash Loans are used by traders to earn from the price differences which occur for securities across multiple exchanges. This use is called Arbitrage, and a better way to make a point of how they work is by using an example.
Let’s say a certain token, call it XYZ. Its value is $10 on Exchange A and $20 on Exchange B. A user can thereby call for a flash loan of $1000 using which they can buy 100 XYZ for $10 each. They sell this XYZ on Exchange B for $20 each, allowing the user to get $2000, $1000 of which they would use to repay the loan, and a $1000 goes to their pocket. This feature of Flash Loans is what excites traders as it is a very easy way to get loans in the crypto sphere fast.
As for the earlier mentioned rhetoric on how much the flash loans concept has revolutionized the industry, the article stands solid on that. Looking at why flash loans work with the popularity that they do involves the great number of advantages they offer individuals looking to seek them.
Flash Loans ensure the transaction is only marked as done when the borrower returns the money they are supposed to, and otherwise, the transaction will be deemed as incomplete, and any potential exchange of money in the form of cryptocurrencies reversed. By doing this, they allow the exemption of one key component, which has become a part of the daily lives of many. However, it can be simply avoided. Interest Rates.
Interest is charged on the entire loan amount taken, which is then paid according to the amount of time the loan is borrowed for and the amount of the loan itself. Hence such amounts cause the borrower to always pay more to the lender than the lender did to the borrower. This could bug the individual for a few more months as they realize the amount of the extra money or interest that they have to pay increases.
Now while traditional loans will almost always require you to pay such amounts, with the exception being Islamic and some Jewish banks, flash loans can play a major game-changer here. They can allow for loans to be issued which would be interest-free. This would not only ensure greater accessibility to the loans but also increase affordability.
Flash Loans can allow for such transactions to take place without the need for an interest rate to be charged. Other than pure borrow-lending processes to be facilitated, flash loans also allow such processes to be executed very quickly. As the entire flash loan issuance process happens online on suitable platforms, while the repayment of the loan also remains in the same virtual realm, flash loans can be issued to individuals almost instantly.
This can prove to be a much more vital advantage since individuals may not have to go through the comparatively time-consuming process of drawing out a loan from a bank which they are not even sure they would get. With Flash Loans, anybody who essentially has internet access may be eligible to receive one; quickly and instantaneously.
They have a great number of advantages, such as the possibility of zero interest rates, instant issuance, and no assessment of credit scores before a loan is drawn out. Moreover, the fact that they don’t require any capital from the borrowing party is a golden benefit on its own. This allows individuals who have limited access to banking facilities, low capital, and an instant need for loans which they cannot wait for, access to flash loans.
As explained earlier, Flash Loans allow the individual to borrow as much as they want with the condition held via smart contracts. For example, say a person needs $2000 worth of ETH, the person will be able to get that amount; however, that amount does not belong to the person. The person will have to do something with the funds, so they come back in a position to repay the loan and maybe reach the amount in excess. All of this may seem highly complex, and it is. However, to ensure that these protocols are abided by and are executed when need be, they are all enforced by a Blockchain.
Flash Loan Attacks come back in the picture where certain individuals manipulate entire markets in such a way that ensures they abide by the rules of the Blockchain and, unfortunately, still do a lot of damage.
Case Studies
In effect, this is what flash loan attacks are. Certain individuals use flash loans in such a way that they abide by the Blockchain but also end up exploiting the situation, which allows them to manipulate the market and do a lot of avoidable damage. We will be illustrating the effect of flash loan attacks by mentioning relevant case studies below in order to illustrate a picture of the damage which can be done via flash loans on a real-world scale.
Let’s start off with the PancakeBunny attack, which may as well be the most recent flash loan attack which has occurred to date. The PancakeBunny attack is usually the term used to refer to events of May 2021 where hacker(s) were able to uncover an exploit in their system. Using the exploit, the hackers caused the PancakeBunny’s token to fall at more than 95% of its original value.
The entity who attacked borrowed a huge sum of BNB from PancakeSwap and used the amount of BNB borrowed to manipulate the price of BUNNY/BNB and USDT/BNB in the pools of PancakeBunny. Due to this, they were able to get away with stealing a large amount of BUNNY. The market crashed as they dumped it on the market. The attacker afterward paid the debt back through PancakeSwap. This allowed for the attacker to gobble up somewhere around $3 million in profits.
Perhaps one more attack to mention would be the largest flash loan attack of 2021 to further illustrate how bad things can go wrong when they go wrong. The Alpha Homora protocol attack is what we will be discussing, where clever attackers were able to rid the leveraged yield farming protocol of $37 million. This was done so by using Iron Bank, which is the platform by Cream which targets those looking for a lending platform. How the attack was carried out was by hitting the Iron Bank platform with multiple flash loans.
sUSD was borrowed by the hacker or attacker from the lending platform, Iron Bank, which is accessible through Alpha Homora dApp. The hacker doubled the amount borrowed each time. The hacker lent the borrowed funds back to Iron Bank each time they borrowed, and this allowed them to receive ySUSD or Yearn Synth sUSD in return. Afterward, the attacker borrowed $1.8 million USDC through Aave as a flash loan and then used the sUSD to swap them via Curve. This allowed the attacker to keep on paying back the loans, allowing them to keep on borrowing larger amounts and receiving more cyUSD each time.
This process was carried out multiple times, allowing the hacker to end up with massive amounts of cyUSD, which they then used to borrow other cryptocurrencies. What they borrowed included about 3.6 million USDC, 4.2 Million DAI, and 13 thousand Wrapped Ethereum.
Why are Flash Loan Attacks increasing?
Now that we have established the point of Flash Loans being dangerous and by illustrating examples that show to what extent can the attackers get away with, the question arises which asks why are flash loans getting so increasingly common? What would drive attackers to carry out more and more of these attacks?
To answer that question in part, you first have to look at the nature of Blockchain and how the factor of ‘everyone stays anonymous’ kicks in here. As there are so many nodes in the network, it gets highly difficult to trace transactions back. Even if the transaction is traced back, it is traced back to a wallet, not a personal bank account. Hence such getaways are common in the cryptocurrency world.
This could also explain why cryptocurrencies are the mode of payment on sketchy sites such as those found on the DarkNet. The fact that they are carried out on protocols utilizing Blockchain technology is one driving factor to why they are increasing, as the attackers have more confidence in their belief that they would not get caught.
The attacks are also low-risk. Compare robbing an actual physical bank with thousands of dollars worth of security technology versus an online protocol from the eyes of an attacker, and you start to see the point. This causes them to gain even more confidence in carrying out the attack. Looking back, no flash loan attacker has been caught as of yet. Despite the huge sums of money siphoned, they are still on the lookout as the nature of permissionless networks allows them access to tools to hide their identity.
Along with being low-risk, they are also cheap to carry out, which means the attacker does not need to make large financial commitments towards pulling an attack like this one-off. With the objective being to carry out a flash loan attack, an attacker may only need a computer, an internet connection, and planning. While yes, the planning needs to be carried out in an intricate manner to ensure success, it takes attackers only a few seconds to a few minutes to carry out the execution. Hence, they are cheap on money and time.
Conclusion
In conclusion, this article intended to highlight an issue prevalent in many DeFi protocols in order to raise awareness on the issue of Flash Loan attacks. The article was hence broken down into smaller chunks, each dealing with a key part in what would collectively allow a good understanding of Flash Loan Attacks.
This was carried out by giving a good conceptual and contextual understanding of what DeFi protocols are, what Flash Loans are, and how attackers utilize them to get away with huge sums of money. Relevant case studies were also mentioned in order to give a good in-depth practical understanding of the issue as well.
At Tokenhell, we help over 5,000 crypto companies amplify their content reach—and you can join them! For inquiries, reach out to us at info@tokenhell.com. Please remember, cryptocurrencies are highly volatile assets. Always conduct thorough research before making any investment decisions. Some content on this website, including posts under Crypto Cable, Sponsored Articles, and Press Releases, is provided by guest contributors or paid sponsors. The views expressed in these posts do not necessarily represent the opinions of Tokenhell. We are not responsible for the accuracy, quality, or reliability of any third-party content, advertisements, products, or banners featured on this site. For more details, please review our full terms and conditions / disclaimer.