Guide
July 15, 2026

Flash Loan Attacks Explained: How They Work and How to Detect Them

What flash loan attacks are, why the loan itself is never the vulnerability, and how exploits that borrow nine figures with zero collateral are detected on-chain within 300 milliseconds.

Flash Loan Attacks Explained: How They Work and How to Detect Them

TLDR

Flash loan attacks remain the most recognizable exploit pattern in DeFi. An attacker borrows tens or hundreds of millions of dollars with zero collateral, uses that capital to distort a protocol's internal accounting within a single transaction, extracts value, and repays the loan before the block closes. The flash loan itself is not the vulnerability. It is an amplifier that turns small design flaws, usually in price oracles or balance accounting, into total pool drainage. This guide explains how flash loans work, walks through the anatomy of a real attack, and shows what these exploits look like when detected on-chain in real time.

What Is a Flash Loan?

A flash loan is an uncollateralized loan that must be borrowed and repaid within a single blockchain transaction. Protocols like Aave, Morpho, Venus, and Balancer expose flash loan entry points because atomicity makes them risk-free for the lender: if the borrower fails to return the principal plus fee by the end of the transaction, the entire transaction reverts and the loan effectively never happened.

function flashLoan( address receiver, address token, uint256 amount, bytes calldata params ) external { uint256 balanceBefore = IERC20(token).balanceOf(address(this)); IERC20(token).transfer(receiver, amount); IFlashLoanReceiver(receiver).executeOperation(token, amount, params); require( IERC20(token).balanceOf(address(this)) >= balanceBefore + fee, "loan not repaid" ); }

Legitimate uses include collateral swaps, liquidations, and arbitrage. But the same mechanism hands any attacker with a few dollars of gas the temporary buying power of a whale. Capital ceases to be a barrier; the only requirement is a vulnerability that can be exploited and unwound inside one atomic transaction.

How a Flash Loan Attack Works

Nearly every flash loan attack follows the same four-step skeleton. The attacker borrows a large amount of a liquid asset, uses it to manipulate some state the victim contract trusts, interacts with the victim while that state is distorted, and then reverses the manipulation and repays the loan. The profit is whatever value leaked out of the victim during the distorted window.

The state being manipulated is most often a price. A contract that reads the spot reserves of a DEX pair as its price oracle can be shown any price the attacker wants, because a large enough swap moves those reserves arbitrarily within the transaction. The NewGold Protocol attack is a textbook example: the attacker borrowed $211 million from Morpho and Venus, dumped it into the NGP-USDT PancakeSwap pool to crash the reported token price, bought NGP at the artificial discount while bypassing purchase limits, and then triggered broken fee logic to drain the pool for roughly $2 million.

Price is not the only target. Flash loans have been used to swing governance votes with borrowed tokens, to inflate share prices in vaults that compute value per share from raw token balances, and to satisfy liquidity thresholds that gate privileged operations. In the Shibarium bridge exploit, a flash loan of BONE tokens gave the attacker temporary voting power that, combined with compromised validator keys, authorized fraudulent checkpoints against the bridge.

Why the Flash Loan Is Not the Vulnerability

It is tempting to blame the lending protocols, but a protocol that is exploitable with a flash loan is exploitable without one. The flash loan only removes the capital requirement. Any attacker with sufficient funds, or a coordinated group, could perform the same manipulation across the same transaction. This is why "flash loan protection" that simply blocks contracts holding borrowed funds is security theater; the real fix is to remove the assumption that in-transaction state is trustworthy.

Three assumptions account for most flash loan losses. First, that spot DEX reserves reflect fair market price. Second, that a contract's token balance changes only through its own accounting paths, when in reality anyone can transfer tokens in or force reserves to sync. Third, that voting power or share ownership measured at a single instant represents a persistent stake. Every one of these assumptions fails the moment an attacker can borrow nine figures for one transaction.

What a Flash Loan Attack Looks Like On-Chain

From a monitoring perspective, flash loan attacks are among the most detectable exploit classes because they compress an abnormal sequence of events into one transaction: a massive borrow, a large swap that moves a pool's reserves by orders of magnitude, privileged calls into a victim contract, the reverse swap, and repayment. Heuristics that track anomalous profit extraction catch this pattern within the same block.

Defimon's detection pipeline flags these transactions in under 300 milliseconds and streams them as structured JSON. A raw alert for a flash loan attack carries the attacker and victim addresses, the attack transaction, the USD balance change, and full protocol enrichment, so an automated consumer can react before the attacker's next move:

{ "type": "attack_detected", "network": "bsc", "attack_type": "suspicious_contract_call_with_profit", "tx_hash": "0xc2066e0dff1a8a042057387d7356ad7ced76ab90904baa1e0b5ecbc2434df8e1", "balance_change_usd": -2000000, "victim": { "protocol": "NewGold Protocol", "tvl_usd": 2300000 } }

The full payload specification is documented in the WebSocket attack message reference. Because many flash loan attackers rehearse with smaller probing transactions or deploy their exploit contract minutes before execution, protocols consuming a real-time exploit feed have a realistic window to pause contracts, pull protocol-owned liquidity, or front-run the drain with a whitehat rescue.

Defending Your Protocol

Defense starts at design time. Use time-weighted or externally validated price oracles instead of spot reserves, compute vault share prices from internal accounting rather than raw balances, enforce timelocks between acquiring governance power and using it, and assume any threshold measurable within one transaction can be met by borrowed capital.

Design review alone is not sufficient, as audited protocols are exploited regularly. The remaining risk is operational: knowing within seconds, not hours, that an attack transaction has landed. Post-incident timelines repeatedly show that stolen funds sit in the attacker's address for minutes before laundering begins. Teams that learn about the exploit from social media lose that window; teams wired into an automated detection feed can act inside it.

Flash loans made capital free for attackers. Real-time detection is how defenders take the time advantage back.

Be Among The First to Know

In DeFi, a small delay costs millions. Get the threat intelligence to rely on.

@DefimonAlerts

© 2026 Defimon by Decurity

Powered by QuickNode