Flash Loan Attacks Explained: How Hackers Drain DeFi in a Single Block
— By Tony Rabbit in Tutorials

A flash loan attack weaponizes a legitimate DeFi primitive, borrowing millions with no collateral, manipulating a price, and repaying it all in one atomic transaction. Here is how the mechanism works and how protocols defend against it.
A flash loan attack is a DeFi exploit in which an attacker borrows a huge sum of crypto with zero collateral, uses it to distort a price feed or imbalance a liquidity pool, extracts value from a vulnerable protocol, and repays the entire loan, all inside a single blockchain transaction. The flash loan itself is a legitimate building block of decentralized finance. The attack is what happens when that primitive is pointed at a protocol that trusts prices or balances it should not trust. Because everything settles atomically in one block, the attacker risks almost nothing beyond the gas fee, which is exactly why this class of exploit has become one of the most common ways hackers drain DeFi.
KEY TAKEAWAYS
- A flash loan is uncollateralized borrowing that must be repaid in the same transaction, or the whole thing reverts.
- An attack happens when borrowed capital is used to manipulate a price oracle or imbalance a pool, then profit from a protocol that trusted that distorted state.
- Atomicity removes the attacker's capital risk: they only lose gas if the exploit fails.
- The strongest defenses are manipulation-resistant oracles (TWAP), reentrancy guards, and sane deposit and borrow caps.
The Anatomy of a Flash Loan Attack, Step by Step
Every flash loan attack follows the same four-beat rhythm, and all four beats execute within one transaction. First, the attacker borrows a large amount of tokens from a lending pool with no collateral posted. Second, they act, routing that capital through one or more protocols to create a profitable but artificial condition. Third, they extract the resulting value. Fourth, they repay the original loan plus a small fee. If the repayment cannot be made by the end of the transaction, the blockchain rejects every step as if none of it happened.
The key insight is that a flash loan removes the usual barrier to large-scale manipulation: money. Normally, moving a market enough to exploit it would require an attacker to hold a fortune. With a flash loan, that fortune is rented for the length of a single block. If you want the foundational mechanics of the primitive itself, our guide to what a flash loan is covers the legitimate use cases that the same code path enables.
The Two Classic Flash Loan Attack Patterns
Although individual exploits look intricate, the overwhelming majority reduce to one of two patterns. The first and most common is oracle and price manipulation. Many DeFi protocols read an asset's price from an on-chain source, often a single decentralized exchange pool. An attacker uses borrowed funds to make an enormous swap against that pool, briefly pushing the reported price far from reality. A target protocol that uses that spot price, for example to value collateral or mint a derivative, is now operating on a lie, and the attacker exploits the gap before the price corrects.
The second pattern is pool imbalance abuse. Here the attacker does not necessarily fake a price feed but instead exploits the math of how a pool calculates shares, rewards, or exchange rates when its balances are pushed to an extreme. A freshly deployed or thinly capitalized vault is especially vulnerable, because a single large deposit or donation can warp the ratio that determines how many shares each unit of deposit is worth. To go deeper on the price side, see our breakdowns of oracle manipulation in DeFi and what a price oracle actually is.
Why Atomicity Makes Flash Loan Attacks Possible
The reason these exploits are both possible and hard to stop comes down to one property: atomicity. On most smart-contract chains, a transaction either fully succeeds or fully reverts. There is no halfway state. This is normally a safety feature. For a flash loan it becomes the whole basis of the design, because the lender knows that if the borrower has not repaid by the final instruction, the entire transaction unwinds and the loan is mathematically guaranteed never to have left the pool.
That same guarantee is what protects the attacker. Their exploit either completes profitably or it disappears as if it never ran. They are never left holding a half-finished position or an unpaid debt. The capital risk that would normally deter manipulation is reduced to the gas cost of a failed attempt. Defenders cannot simply ban large borrows either, because the legitimate uses of flash loans, such as arbitrage and collateral swaps, depend on the exact same mechanism.
What a Real Flash Loan Attack Looks Like in Practice
In practice, a live exploit is a tightly choreographed sequence packed into one transaction. The attacker borrows a sum that may run into the millions, splits it across several protocols, and triggers a chain of swaps and deposits designed to leave one target reading a manipulated value. At the apex of that arc, when the distorted price or imbalanced ratio is at its most extreme, the attacker performs the action that converts the lie into withdrawn value, then immediately repays the loan with what remains.
To an outside observer the entire event is over before the next block is mined. There is no window to pause the protocol, no time for arbitrageurs to correct the price, and often no way to claw funds back afterward. This is why so much of the multi-protocol damage in DeFi traces back to this single technique, a pattern visible across recurring incident roundups like our overview of major DeFi losses in 2026. The shape is almost always the same even when the targets differ.
How Protocols Defend Against Flash Loan Attacks
Because the loan primitive cannot be removed, defense focuses on making the manipulation worthless. The single most important measure is using a manipulation-resistant oracle. A time-weighted average price (TWAP) reports a price averaged over many blocks, so a one-block spike from a flash loan barely moves it. Pulling from multiple independent sources, or from a robust off-chain oracle network, has the same effect of making a momentary distortion irrelevant.
Beyond oracles, well-built protocols layer in reentrancy guards to stop an attacker from re-entering a function mid-execution, enforce deposit and borrow caps so a single transaction cannot move the system to a dangerous extreme, and seed vaults with minimum or virtual liquidity so the share math cannot be warped at launch. Many also add sanity checks that reject a transaction if a price or balance moves implausibly far in one block. None of these is a silver bullet, but together they raise the cost of an attack above its reward, which is the real goal.
What Flash Loan Attacks Mean for Users of a Protocol
As a user, you are rarely the direct target of a flash loan attack, but you are very much exposed to the fallout. When a protocol you have deposited into gets drained, the loss is socialized: the pool is emptied, your share of it loses value, and recovery is often partial or nonexistent. Your defense is to favor protocols that have been audited, that use TWAP or multi-source oracles, that have survived in the market long enough to be battle-tested, and that hold meaningful liquidity rather than thin, easily-tipped pools.
Treat brand-new vaults and unaudited yield farms with the most caution, since immature share math is a frequent target. Before committing funds, it is worth checking a protocol's oracle design and audit history the same way you would vet any other on-chain risk. Our broader guide to avoiding crypto scams covers the wider due-diligence habits that complement this specific risk. The recurring lesson is simple: in DeFi, the prices a protocol trusts are part of its attack surface, and so is yours.
This article is for educational purposes only and is not financial advice.