List of Flash Loan Attacks in Crypto — ImmuneBytes

ImmuneBytes
11 min readMay 30, 2024

--

Flash loan exploits are a type of attack in the decentralized finance (DeFi) ecosystem that exploits the mechanics of flash loans. Flash loans are uncollateralized loans provided by certain DeFi protocols that must be borrowed and repaid within a single transaction. If the loan cannot be repaid within the same transaction, the transaction is reversed, making it as if the loan never happened.


+---------------------+--------------------------+--------------------+-------------------+------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Project | Date of Exploit | Exploit Amt. (USD) | Blockchain | Type of Exploit | Contract Type | Exploited Contract Add | Exploit Transaction |
+---------------------+--------------------------+--------------------+-------------------+------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+
| Goledo Finance | 2024-01-28T00:00:00.000Z | 1700000 | | Smart Contracts Vulnerability, Flash Loan Attacks | DeFi | https://evm.confluxscan.net/address/0xcb6c84324030365d00ac9e02785b662876127da6 | https://evm.confluxscan.net/tx/0x9359dbee49fdb2567612908a419a95034df34af86874a0761f1e9111596526d9 |
| Gamma Strategies | 2024-01-06T00:00:00.000Z | 3400000 | Arbitrum | Flash Loan Attacks, Flash Loan Attacks | DEX | | https://arbiscan.io/tx/0x025cf2858723369d606ee3abbc4ec01eab064a97cc9ec578bf91c6908679be75 |
| Radiant Capital | 2024-01-03T00:00:00.000Z | 4500000 | Ethereum | Smart Contracts Vulnerability, Flash Loan Attacks | Lending and Borrowing | https://arbiscan.io/address/0xf4b1486dd74d07706052a33d31d7c0aafd0659e1 | https://arbiscan.io/tx/0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b |
| Channels Finance | 2023-12-31T00:00:00.000Z | 320000 | BNB Chain | Smart Contracts Vulnerability, Flash Loan Attacks | DeFi | https://bscscan.com/address/0x07e536f23a197f6fb76f42ad01ac2bcdc3bf738e | https://bscscan.com/tx/0x93372ce9c86a25f1477b0c3068e745b5b829d5b58025bb1ab234230d3473b776 |
| GoodDollar | 2023-12-18T00:00:00.000Z | 624000 | | Smart Contracts Vulnerability, Flash Loan Attacks | | | |
| Peapods Finance | 2023-12-13T00:00:00.000Z | 239000 | Ethereum | Smart Contracts Vulnerability, Flash Loan Attacks, Reentrancy | | | |
| Fulcrum | 2023-12-04T00:00:00.000Z | 223000 | Ethereum | Smart Contracts Vulnerability, Flash Loan Attacks | DeFi | | https://etherscan.io/tx/0xb072f2e88058c147d8ff643694b43a42e36525b7173ce1daf76e6c06170b0e77 |
| FCN-TRUST | 2023-12-01T00:00:00.000Z | 504000 | BNB Chain | Flash Loan Attacks, Flash Loan Attacks | Tokens | | https://bscscan.com/tx/0xbeea4ff215b15870e22ed0e4d36ccd595974ffd55c3d75dad2230196cc379a52 |
| Platypus Defi | 2023-10-12T00:00:00.000Z | 2000000 | Avalanche C Chain | Flash Loan Attacks, Flash Loan Attacks | DeFi | | https://snowtrace.io/tx/0xab5f6242fb073af1bb3cd6e891bc93d247e748a69e599a3744ff070447acb20f |
| Balancer Vault | 2023-08-27T00:00:00.000Z | 2100000 | Ethereum | Flash Loan Attacks, Flash Loan Attacks | Vaults | | |
| Uwerx | 2023-08-02T00:00:00.000Z | 324000 | | Smart Contracts Vulnerability, Flash Loan Attacks | Vesting Contract | https://etherscan.io/address/0xda2ccfc4557ba55eada3cbebd0aeffcf97fc14ca | https://etherscan.io/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8 |
| WGPT | 2023-07-12T00:00:00.000Z | 82000 | BNB Chain | Flash Loan Attacks, Flash Loan Attacks | Tokens | https://bscscan.com/token/0x1f415255f7e2a8546559a553e962de7bc60d7942 | https://bscscan.com/tx/0x258e53526e5a48feb1e4beadbf7ee53e07e816681ea297332533371032446bfd |
| Libertify | 2023-07-11T00:00:00.000Z | 452000 | Ethereum | Flash Loan Attacks, Smart Contracts Vulnerability, Reentrancy | DeFi | https://etherscan.io/token/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2?a=0xdfcdb5a86b167b3a418f3909d6f7a2f2873f2969 | https://etherscan.io/tx/0xcb0ad9da33ecabf75df0a24aabf8a4517e4a7c5b1b2f11fee3b6a1ad9299a282 |
| SELL Token | 2023-06-11T00:00:00.000Z | 105273 | BNB Chain | Flash Loan Attacks | Tokens | https://bscscan.com/token/0xa645995e9801f2ca6e2361edf4c2a138362bade4 | https://bscscan.com/tx/0xe968e648b2353cea06fc3da39714fb964b9354a1ee05750a3c5cc118da23444b |
| wDAO EON | 2023-06-02T00:00:00.000Z | 30000 | Polygon | Flash Loan Attacks | DEX | https://polygonscan.com/address/0x9d101e71064971165cd801e39c6b07234b65aa88 | https://explorer.phalcon.xyz/tx/polygon/0xa1f2377fc6c24d7cd9ca084cafec29e5d5c8442a10aae4e7e304a4fbf548be6d |
| Celframe Network | 2023-06-01T00:00:00.000Z | 74900 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Jimbos Protocol | 2023-05-28T00:00:00.000Z | 7500000 | Arbitrum | Flash Loan Attacks, Smart Contracts Vulnerability, Price/Oracle Manipulation | DeFi | https://arbiscan.io/address/0x271944d9D8CA831F7c0dBCb20C4ee482376d6DE7 | https://arbiscan.io/tx/0x44a0f5650a038ab522087c02f734b80e6c748afb207995e757ed67ca037a5eda |
| LW token | 2023-05-12T00:00:00.000Z | 48000 | BNB Chain | Flash Loan Attacks | Tokens | https://bscscan.com/token/0x7b8c378df8650373d82ceb1085a18fe34031784f | https://bscscan.com/tx/0xb846f3aeb9b3027fe138b23bbf41901c155bd6d4b24f08d6b83bd37a975e4e4a |
| WEEB Token | 2023-05-10T00:00:00.000Z | 30689 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | Tokens | https://etherscan.io/token/0x9e3d5b091e7728080d9b2e1aaf20ee63db6b65bb | https://etherscan.io/tx/0xcb58fb952914896b35d909136b9f719b71fc8bc60b59853459fc2476d4369c3a |
| MChainCapital | 2023-05-09T00:00:00.000Z | 18871 | Ethereum | Flash Loan Attacks | Tokens | https://etherscan.io/token/0x1a7981d87e3b6a95c1516eb820e223fe979896b3 | https://etherscan.io/tx/0xf72f1d10fc6923f87279ce6c0aef46e372c6652a696f280b0465a301a92f2e26 |
| Floki Inu | 2023-05-09T00:00:00.000Z | 58591 | BNB Chain | Flash Loan Attacks | Tokens | https://etherscan.io/token/0xcf0c122c6b73ff809c693db761e7baebe62b6a2e | https://etherscan.io/tx/0x118b7b7c11f9e9bd630ea84ef267b183b34021b667f4a3061f048207d266437a |
| Block Forest | 2023-05-06T00:00:00.000Z | 275439 | BNB Chain | Flash Loan Attacks | Tokens | https://bscscan.com/token/0xc4e83b0ef81b4c7cab394f1c0d4a39bf8bc4e248 | https://bscscan.com/tx/0x5a89e083e8e3ad75c38be65a6a92d7e32249cf9b5ceb304bf1ae2409241993ff |
| ForTubeFi | 2023-04-28T00:00:00.000Z | 60000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | https://etherscan.io/token/0xdb694cb2b58f66c5e79ff272df37ecb46dc31add | https://etherscan.io/tx/0x4b4fa751b2cb82ff9aa53406f48e83a44babb7c60d2354e13905efa7a2ddffe7 |
| SASHIMI Token | 2023-04-25T00:00:00.000Z | 24200 | BNB Chain | Flash Loan Attacks | Tokens | https://bscscan.com/token/0x6cb9d7ecf84b0d3e7704ed91046e16f9d45c00fa | https://bscscan.com/tx/0x3bf529642d21ddde9c24569ae363ccc09c1d2cb2de2c375d67c05f90685ce07a |
| XBN Token | 2023-04-19T00:00:00.000Z | 10000 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | Tokens | https://bscscan.com/address/0x0321394309CaD7E0E424650844c3AB3b659315d3 | https://bscscan.com/tx/0x3b698ba37f33ac0f822a0de7e097126d71e8216bf59ec9b2e6044df7d4f40296 |
| Ocean Life Token | 2023-04-19T00:00:00.000Z | 11000 | BNB Chain | Flash Loan Attacks, Logic Exploit | Tokens | https://bscscan.com/token/0xb5a0ce3acd6ec557d39afdcbc93b07a1e1a9e3fa | https://bscscan.com/tx/0xa21692ffb561767a74a4cbd1b78ad48151d710efab723b1efa5f1e0147caab0a |
| Meta Skyer | 2023-04-10T00:00:00.000Z | 20000 | BNB Chain | Flash Loan Attacks | Tokens | | https://bscscan.com/tx/0xee1bc3d0b5b9bbbe3fa47730774a391491f583a602afb0969f532d521975137d |
| UNMS Token | 2023-03-29T00:00:00.000Z | 104174 | BNB Chain | Flash Loan Attacks | Tokens | | https://bscscan.com/tx/0x5feb28c35ddda566cf224714f7f721d093ab1de964ea0420f025dd44d953a344 |
| FastSwap | 2023-03-24T00:00:00.000Z | 8812 | BNB Chain | Flash Loan Attacks | DEX | | |
| Euler Finance | 2023-03-13T00:00:00.000Z | 196000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| DKP Token | 2023-03-08T00:00:00.000Z | 80000 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | Tokens | | |
| HakunaMatata (TATA) | 2023-02-23T00:00:00.000Z | 10000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Dynamic DYFA Token | 2023-02-22T00:00:00.000Z | 22400 | BNB Chain | Flash Loan Attacks | Tokens | | |
| BABYDOLL Token | 2023-02-19T00:00:00.000Z | 7900 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Platypus DeFi | 2023-02-17T00:00:00.000Z | 9000000 | Avalanche C Chain | Flash Loan Attacks | DeFi | | |
| dForce | 2023-02-10T00:00:00.000Z | 3650000 | Arbitrum | Smart Contracts Vulnerability, Flash Loan Attacks | DeFi | | |
| DAYUDAO Token | 2023-02-08T00:00:00.000Z | 3300 | BNB Chain | Price/Oracle Manipulation, Flash Loan Attacks | Tokens | | |
| FDP Token | 2023-02-07T00:00:00.000Z | 10000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| BEVO NFT Art Token | 2023-01-30T00:00:00.000Z | 44000 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | Tokens | | |
| Storm Bringer Token | 2023-01-30T00:00:00.000Z | 35000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Unbound DAO (UBT) | 2023-01-13T00:00:00.000Z | 4560 | BNB Chain | Flash Loan Attacks | DAO | | |
| ThreeBodyOF | 2023-01-12T00:00:00.000Z | 3000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Roe Finance | 2023-01-11T00:00:00.000Z | 80000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| Elastic Swap | 2022-12-13T00:00:00.000Z | 850000 | Avalanche C Chain | Flash Loan Attacks | DeFi | 0x75739a693459f33B1FBcC02099eea3eBCF150cBe | |
| TRQ | 2022-12-10T00:00:00.000Z | 75483 | BNB Chain | Flash Loan Attacks | Tokens | 0xaa0c7ccb56ec1d6510bcd9d223a57362d5b63d59b16f074343749e3337f42a35 | |
| MU Official | 2022-12-10T00:00:00.000Z | 57000 | Avalanche C Chain | Flash Loan Attacks | Tokens | MU-0xD036414fa2BCBb802691491E323BFf1348C5F4Ba, MUG-0xF7ed17f0Fb2B7C9D3DDBc9F0679b2e1098993e81 | |
| Project AES | 2022-12-07T00:00:00.000Z | 65000 | BNB Chain | Flash Loan Attacks | Reward Pool | 0xdDc0CFF76bcC0ee14c3e73aF630C029fe020F907h | |
| MBC token | 2022-11-30T00:00:00.000Z | 5600 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | Tokens, DeFi | | |
| project SEAMAN | 2022-11-29T00:00:00.000Z | 7780 | BNB Chain | Flash Loan Attacks | DeFi | | |
| UEarnPool | 2022-11-17T00:00:00.000Z | 16038 | BNB Chain | Flash Loan Attacks | DeFi Staking | | |
| DFX Finance | 2022-11-10T00:00:00.000Z | 5000000 | Ethereum | Flash Loan Attacks, Smart Contracts Vulnerability, Logic Exploit | DEX | | |
| $mooCakeCTX token | 2022-11-07T00:00:00.000Z | 140000 | BNB Chain | Flash Loan Attacks | ERC20 | | |
| $VTF Tokens | 2022-10-27T00:00:00.000Z | 58000 | BNB Chain | Smart Contracts Vulnerability, Flash Loan Attacks | Tokens | | |
| $ULME | 2022-10-25T00:00:00.000Z | 50646 | BNB Chain | Flash Loan Attacks | Tokens | | |
| PLTD Project | 2022-10-22T00:00:00.000Z | 24497 | BNB Chain | Flash Loan Attacks | Tokens | | |
| $PLTD | 2022-10-18T00:00:00.000Z | 24497 | BNB Chain | Flash Loan Attacks | Tokens | | |
| MTDAO (MT) | 2022-10-17T00:00:00.000Z | 487000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Earning Farm | 2022-10-14T00:00:00.000Z | 971000 | Ethereum | Flash Loan Attacks | DeFi | | |
| awakening project | 2022-10-12T00:00:00.000Z | 120000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| BTUs (BTU) | 2022-10-01T00:00:00.000Z | 72000 | BNB Chain | Exit Scam, Flash Loan Attacks | Tokens | 0xf5e88c44093252db8c8250df3cd51c8fd96cd6c9 | |
| RL Token (RL) | 2022-10-01T00:00:00.000Z | 9000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| RADT-DAO token | 2022-09-23T00:00:00.000Z | 94305 | BNB Chain | Flash Loan Attacks | DeFi | | |
| New Free Dao | 2022-09-08T00:00:00.000Z | 1250000 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Avalanche ( | 2022-09-07T00:00:00.000Z | 370000 | Avalanche C Chain | Flash Loan Attacks | DeFi | | |
| Dao_officials | 2022-09-04T00:00:00.000Z | 581254 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Cupid | 2022-08-31T00:00:00.000Z | 78623 | BNB Chain | Flash Loan Attacks | Tokens | | |
| Nirvana | 2022-07-28T00:00:00.000Z | 3490000 | Solana | Flash Loan Attacks | DeFi | | |
| $LPC Flashloan | 2022-07-25T00:00:00.000Z | 45000 | BNB Chain | Flash Loan Attacks, Smart Contracts Vulnerability, Logic Exploit | DeFi, ERC20 | | |
| Space Godzilla | 2022-07-13T00:00:00.000Z | 26000 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| Omni X | 2022-07-10T00:00:00.000Z | 1400000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Pandora chain DAO | 2022-06-22T00:00:00.000Z | 128222 | BNB Chain | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| WhaleLoans | 2022-06-20T00:00:00.000Z | 5964 | BNB Chain | Flash Loan Attacks | DeFi | | |
| FSwap | 2022-06-13T00:00:00.000Z | 390085 | BNB Chain | Smart Contracts Vulnerability, Flash Loan Attacks | DeFi | | |
| Novo DeFi | 2022-05-29T00:00:00.000Z | 83000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| FEG Token | 2022-05-15T00:00:00.000Z | 1300000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Deus DAO | 2022-04-28T00:00:00.000Z | 13400000 | Fantom | Price/Oracle Manipulation, Flash Loan Attacks | DAO | | |
| Hundred Finance | 2022-03-15T00:00:00.000Z | 6200000 | Gnosis Chain | Flash Loan Attacks | DeFi | | |
| Agave | 2022-03-15T00:00:00.000Z | 5500000 | Gnosis Chain | Flash Loan Attacks | DeFi | | |
| Paraluni | 2022-03-13T00:00:00.000Z | 1700000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Grim Finance | 2021-12-18T00:00:00.000Z | 30000000 | Fantom | Flash Loan Attacks | DeFi | | |
| Cream | 2021-10-27T00:00:00.000Z | 130000000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| Indexed Finance | 2021-10-14T00:00:00.000Z | 16000000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| Cream Finance | 2021-08-30T00:00:00.000Z | 18800000 | Ethereum | Flash Loan Attacks | DeFi | | |
| X-Token | 2021-08-29T00:00:00.000Z | 4500000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| SurgeBNB | 2021-08-17T00:00:00.000Z | 4000000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Popsicle Finance | 2021-08-03T00:00:00.000Z | 20000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| PancakeBunny | 2021-07-16T00:00:00.000Z | 2400000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| ApeRocketFi | 2021-07-14T00:00:00.000Z | 1260000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Eleven Finance | 2021-06-22T00:00:00.000Z | 4500000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Belt Finance | 2021-05-29T00:00:00.000Z | 6200000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| BurgerSwap | 2021-05-27T00:00:00.000Z | 7200000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| JulSwap | 2021-05-27T00:00:00.000Z | 700000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| AutoShark Finance | 2021-05-24T00:00:00.000Z | 750000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Bogged Finance | 2021-05-22T00:00:00.000Z | 3600000 | BNB Chain | Flash Loan Attacks | DeFi | | |
| Rari Capital | 2021-05-08T00:00:00.000Z | 10000000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DeFi | | |
| Alpha Finance | 2021-02-13T00:00:00.000Z | 38000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Growth DeFi | 2021-02-09T00:00:00.000Z | 1300000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Yearn | 2021-02-04T00:00:00.000Z | 11000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Origin Dollar | 2020-11-17T00:00:00.000Z | 7700000 | | Flash Loan Attacks | DeFi | | |
| CheeseBank | 2020-11-16T00:00:00.000Z | 3300000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Value Defi | 2020-11-14T00:00:00.000Z | 7000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Harvest Finance | 2020-10-26T00:00:00.000Z | 25000000 | Ethereum | Flash Loan Attacks, Price/Oracle Manipulation | DEX | | |
| Eminence Finance | 2020-09-15T00:00:00.000Z | 15000000 | Ethereum | Flash Loan Attacks | DeFi | | |
| Balancer | 2020-06-28T00:00:00.000Z | 522000 | Ethereum | Flash Loan Attacks | DeFi | | |
| bZx | 2020-02-15T00:00:00.000Z | 350000 | Ethereum | Flash Loan Attacks | DeFi | | |
+---------------------+--------------------------+--------------------+-------------------+------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+

Flash loan exploits typically involve the following steps:

  • Borrowing a Large Sum: The attacker borrows a substantial amount of funds via a flash loan.
  • Executing Exploitative Actions: Using the borrowed funds, the attacker manipulates the market or exploits vulnerabilities in other DeFi protocols. Common targets include price oracles, liquidity pools, and smart contracts with bugs.
  • Profiting and Repaying the Loan: The attacker profits from the exploitative actions, repays the flash loan within the same transaction, and pockets the remaining profit.

Common Types of Flash Loan Exploits

  • Oracle Manipulation: Exploiters target price oracles (mechanisms that feed external price data into the blockchain). By manipulating the oracle price, they can buy assets at artificially low prices or sell them at inflated prices.
  • Liquidity Pool Draining: Exploiters use flash loans to create large price swings in liquidity pools, enabling them to buy assets cheaply and sell them at a profit after manipulating the pool’s pricing mechanism.
  • Reentrancy Attacks: In this scenario, attackers exploit a smart contract’s vulnerability. A function makes an external call to another contract before updating its state, allowing the attacker to repeatedly withdraw funds before the contract’s state is updated.

To mitigate the risk of flash loan exploits, DeFi protocols can implement several strategies:

  • Oracle Security: Using decentralized and tamper-resistant oracles to provide more reliable price data.
    Rate Limiting: Implementing limits on the amount of assets that can be borrowed or traded within a short time frame.
  • Smart Contract Audits: Regularly auditing smart contracts to identify and fix vulnerabilities.
  • Dynamic Fees: Introducing dynamic transaction fees that increase with the size and frequency of transactions to deter large-scale exploits.

Flash loan exploits highlight the importance of robust security measures and vigilant monitoring in the rapidly evolving DeFi landscape.

Originally published at https://www.immunebytes.com on May 30, 2024.

--

--

ImmuneBytes

Build a hack-proof solution with the industry’s leading blockchain security company.