Flash Loan Attack
An exploit where an attacker borrows a huge amount of cryptocurrency without collateral in one transaction and uses it to manipulate prices or drain a protocol before repaying.
Also known as: flash loan exploit, flash loan hack
Last reviewed: 10 June 2026
Flash loans are a genuine DeFi primitive: they allow any amount of cryptocurrency to be borrowed and repaid within a single transaction block, with no collateral required, because the loan is atomically guaranteed to be repaid or the entire transaction reverts. They have legitimate uses in arbitrage and liquidations.
Attackers use flash loans to borrow enormous sums, artificially move the price of an asset on a DEX to exploit a protocol that uses that price as a reference, drain funds from the target, and repay the loan, all in one atomic transaction. The attack requires no capital beyond gas fees. Billions of dollars have been stolen from DeFi protocols this way.
For consumers, the risk is indirect: flash loan attacks drain protocols where user funds are deposited. Concentrating funds in protocols with long track records, multiple audits, circuit breakers, and price oracle diversity (not relying on a single DEX for pricing) reduces exposure to this category of risk.