How Flash loans are used to manipulate the crypto market

According to a recent report, attacks on flash loans are on the rise. What are they and what are the risks?

Imagine being able to take out a loan of almost unlimited size without providing any collateral. It’s just a catch. You have to pay back almost immediately. Sound weird? It probably does. But that’s exactly what a flash loan is. As the name suggests, these loans happen almost instantly. (Think the DC Comic superhero, The Flash, who can travel at the speed of light.)

A recent report from De.Fi suggests that flash loans are on the rise and bad actors are using them in an increasing number of exploits. In the first quarter of this year, $200 million was lost due to this exploitation.

But why would anyone want to take out an almost instant loan? Well, like many things in crypto, it comes down to good returns.

Flash loans and flash loan attacks explained

The logic of flash loans relies on arbitrage, the process of taking advantage of small price differences. Unlike other types of loans, flash loans do not require a long approval process, so they can be done quickly. “Given the low fees involved in the one-transaction loan, there is a huge potential for high returns,” explained Artem Bondarenko, software architect at De.Fi, in an interview with BeInCrypto. “For creditors of a flash loan, there is no risk since the loan is returned immediately. Otherwise, the transaction fails.”

In traditional finance, there is nothing like a flash loan. It is similar to a call option, but with some significant differences. With a flash loan you can use the borrowed money straight away, while with a purchase option you have to wait. In traditional finance, transactions usually happen one at a time, while with flash loans they happen in blocks. However, these short-term measures are not entirely without drawbacks, as De.Fi’s report outlines.

“A flash loan attack takes place when someone is able to borrow a large amount in one place and use it to manipulate prices by buying or selling in large quantities, thereby influencing the price of an asset,” Bondarenko said. “Then using that change in price to leverage the opposite by buying or selling on another side, creating arbitrage between the prices in the two places, then repaying the original loan and taking out the difference.”

“If the liquidity protocol is properly designed with the correct price oracles, this should not be a problem, but in cases where the design is poor, it is a vulnerability that can be exploited and lead to a mass liquidation event,” Bondarenko added.

Who are the victims?

Flash loans are attractive to attackers because they offer the opportunity to borrow large sums of cryptocurrency without providing collateral. To prevent such attacks, better security measures such as code audits and robust smart contract design can be implemented, and awareness of potential attack vectors can be increased within the DeFi ecosystem.

On March 13, Euler Finance, a well-known Ethereum-based lending protocol, was hacked, and the attacker stole millions of dollars in various cryptocurrencies, such as Dai, USDC, Staked Ethereum, and Wrapped Bitcoin, by performing multiple transactions.

The total amount stolen was almost $196 million, with $8.7 million in Dai, $18.5 million in WBTC, $135.8 million in StETH, and $33.8 million in USDC.

The attacker moved the stolen funds from the Binance Smart Chain to Ethereum using a multi-chain bridge, and then carried out the flash loan attack. They deposited the stolen funds in Tornado Cash, a well-known crypto-mixer, to complicate recovery efforts and hide their identities.

The month before, on February 16, Platypus Finance, an automated market maker, suffered a flash loan attack of its own. The attacker stole $8,500,887 worth of stablecoins, including USDC, USDT, BUSD and DAI.

In this case, the attacker exploited a vulnerability in USP’s solvency control mechanism. In the process, the attacker secured a flash loan of 44,000,000 USDC, then exchanged it for 44,000,000 Platypus LP-USD. They then minted 41,700,000 USP tokens at no cost, which were exchanged for various stablecoins.

Platypus Finance has partnered with third-party services to freeze the stolen assets, and some have already been frozen. The malicious contract was removed and additional security measures implemented to prevent future attacks. However, the attacker managed to transfer some of the stolen funds.

How to reduce the risk?

In a way, Flash Loans are one of the great equalizers of crypto. They allow traders with less capital to engage in high-reward trades that would normally only be open to so-called whales. “But as we’ve seen several times, flash loans also pose a big risk to DeFi protocols that don’t take such things into account,” Adrian Hetman, technical lead of the triaging team at Immunefi, told BeInCrypto.

“Protocols should not only protect themselves from possible flash-loan-enabled attacks, but also from whale attacks, i.e. what would happen if big players suddenly used their huge funds to use our protocol? Would the system behave as intended? What is our ‘intended’ business flow?” Hetman continued. “Threat modeling will help reveal potential weaknesses in the system.”

“Using time-weighted average price (TWAP), oracles can help minimize price manipulation by averaging prices over a specific time period, making it more difficult for attackers to manipulate prices in a single transaction. In addition, implementing multi-oracle- systems provide redundancy and cross-checking for price data, further strengthening defenses against manipulation,” Hetman added.

By implementing circuit breakers, flash loan attackers can be prevented from profiting from manipulated prices when significant price fluctuations are detected, Hetman explained. “Once the cause of the price fluctuation is identified and addressed, trading can be resumed. This must include potential valid trades that may only appear suspicious from the outside.”

“It is also important not to allow large protocol actions to occur over just one block. Flash loans, most of the time, can only be taken in one transaction for a block,” Hetman added.