Since the beginning of the year, the decentralized finance (DeFi) ecosystem has rapidly grown to more than $12 billion in total value locked. With this exponential growth, incentives have increased for malicious actors to manipulate and attack vulnerable DeFi protocols, often at the expense of regular users.
One of the more recent tools used within many DeFi attacks are flash loans – a new type of financial primitive that allows users to open uncollateralized loans with the sole stipulation that the loan be paid back within the same transaction or it reverts. This is a significant departure from traditional DeFi lending, which often requires a user to over-collateralize a loan upfront.Adelyn Zhou is CMO of Chainlink Labs, where she leads marketing for Chainlink, the world's most widely adopted decentralized oracle network.
The novelty of a flash loan is that it can temporarily make anyone in the world a very well-capitalized actor, with the potential to suddenly manipulate the market. In the recent string of attacks, we’ve seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially move a token’s price on a single exchange. This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing.
When flash loans are used as part of a larger malicious scheme to manipulate a protocol and steal its funds, the phrase “flash loan attack” becomes the hot crypto term of the week. Media outlets and Twitter influencers alike focus on the workings of the flash loan, dissecting each step the malicious actor took to jump from token to token, protocol to protocol, all within one transaction.
But the phrase “flash loan attack” doesn’t capture the complete issue at hand. Flash loans do not create vulnerabilities within DeFi – they simply reveal vulnerabilities that already exist. “Flash loan attacks” are often...