Loans are inevitable for several people. When it comes to the decentralized world, flash loans are what some traders seek. A flash loan is a decentralized finance (DeFi) loan that allows you to borrow crypto without collateral. One condition persists: the loan must be repaid with the same blockchain transaction.
You may take a flash loan in times of financial difficulties, but what if someone exploits the flash loan? Yes, flash loans have now become a double-edged sword!
Shibarium suffers from exploitation
Shibarium bridge, Shiba Inuโs blockchain (Layer 2), working on Ethereum, has been exploited through a $2.4 million flash loan attack! The exploiter gained control of 10 validator keys out of 12, draining Ethereum and Shiba Inu (SHIB) tokens. The attacker used flash loan as a tool to steal $2.4 million from the bridge. Shibarium developers, however, interfered and secured the remaining funds.
Now, this article doesn’t delve into what has happened, but rather explores how flash loans can impact the DeFi ecosystem.
Why are flash loans in crypto risky?
With great power comes great risk. Sometimes, flash loans are morphing into one of the sharpest ways for an attackerโs eyes.
Uncollateralization
Unlike in traditional loans, flash loans in crypto do not require the borrower to place collateral to replace the crypto funds. Attackers can get huge funds quickly without collateral.
Importantly, the transaction is atomic, meaning if any single step in the transaction fails, the initial steps are also erased.
When attackers execute multiple programs in one transaction, like manipulating prices or changing votes, the link in the transaction chain breaks, and none of the manipulations or attempts stick in blockchain history.
This is what the Shibarium bridge hackers did: they gained access to 10 validators through manipulations.
In crypto, validators are responsible for verifying transactions, adding blocks to the blockchain, and maintaining network security.
Liquidation of massive funds
Attackers can take huge funds for just a moment by infusing manipulated codes into oracles or liquidity pools, erasing the entire evidence of their activities on the transaction chain.
Multiple weaknesses in a single transaction
As bad actors perform multiple manipulations like moving assets, altering prices, and triggering other contract logic, they can amass a huge sum of crypto.
Speed and reversibility are advantages for hackers
Everything happens on one blockchain; therefore, real-time intervention is impossible. Even if a developer detects the manipulation, they cannot always allow reversal or recovery.
As the DeFi ecosystem grows, the complexity grows too, and bad actors are always finding strong tools like flash loans to exploit millions of crypto funds. The Shibarium bridge exploitation is not a rare case; Cream Finance, a decentralized lending protocol, was hit with a massive $130 million loss following an exploitation via misconfiguration. PancakeBunny, another DeFi platform, suffered $45 million loss due to price manipulation via flash loan.
Flash loans offer significant advantages and cannot be entirely dismissed; however, the risks they pose should be carefully monitored by every investor.
