Flash loans are short-lived loans of funds on DeFi platforms. They can be issued quickly because smart contracts are used to ensure that the lender is not at risk.
Flash loan attacks rely on loopholes in DeFi platforms. The loophole involves taking advantage of price differences between platforms, which can be caused by large loan amounts.
The Alpha Homora Exploit
A recent flash loan attack occurred in early 2021 on Alpha Homora, a DeFi platform that is popular especially in Thailand. The attack drew out around 37 million USD through the use of the Iron Bank.
The attack began with the hackers repeatedly borrowing sUSD from Iron Bank through Alpha Homora, a decentralized application (dApp). The borrowed amount doubled with each transaction, and each transaction involved returning funds to Iron Bank, which earned the hackers Yearn Synth sUSD as a reward.
Having seen this, the hackers also borrowed around 1.8 million USDC from Aave through flash loans and exchanged it for sUSD, which is used to pay off flash loans on that platform. Afterwards, the funds were lent out on Iron Bank, allowing the hackers to repeat the borrow-and-lend process and continually receive cySUSD as fees or rewards.
As can be seen, the procedure is complicated and relies on products from numerous DeFi platforms, confirming that although technology has advanced, so have cyber attacks.
Increased flash loan attacks
Flash loan attacks differ from 51% attacks, which consume large amounts of resources, computational power and electricity to breach security. Flash loan attacks require only a computer, an internet connection and investment knowledge. Furthermore, initiating the attack takes only a short time and may not even require a large investment.
2. Low risks
Flash loan attacks are comparable to bank robberies that do not require the robber to be at the bank, meaning that the robber's identity stays hidden. None of the hackers has yet been arrested, due to the anonymity that permission-required networks provide them, like that found in Tornado Cash.
How to prevent flash loan attacks
Given the increased frequency of flash loan attacks, it has become apparent that there are still no absolute prevention methods. However, numerous DeFi platforms have introduced tools to detect and prevent these attacks, along with other mechanisms to protect their systems.
The use of tools
Delays in DeFi developers' attention to their systems have been the largest contributor to attackers' ability to get away with their crimes. These delays may be due to the nature of exploiting loopholes, which is quite difficult to detect.
Recently, OpenZeppelin introduced OpenZeppelin Defender, a tool that helps developers detect abuse of smart contracts and other suspicious activity on the blockchain network, which can be immensely helpful in the near future.
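One monitoring rule for the pattern described in the Alpha Homora section, written as an added example (it is not OpenZeppelin Defender code and not code from any platform named here): it flags an account whose successive borrows from the same lender roughly double. The event records, the addresses, the 5% tolerance and the four-borrow threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real chain data.
# Each record: (block, borrower, lender, asset, amount)
SAMPLE_BORROWS = [
    (100, "0xAAA", "IronBank", "sUSD", 1_000),
    (101, "0xBBB", "IronBank", "sUSD", 5_000),
    (101, "0xAAA", "IronBank", "sUSD", 2_000),
    (102, "0xAAA", "IronBank", "sUSD", 4_010),
    (103, "0xBBB", "IronBank", "sUSD", 5_200),
    (103, "0xAAA", "IronBank", "sUSD", 8_000),
    (104, "0xAAA", "IronBank", "sUSD", 16_000),
    (105, "0xBBB", "IronBank", "sUSD", 4_900),
]

def longest_doubling_run(amounts, tolerance=0.05):
    """Length of the longest streak in which each amount is ~2x the previous one."""
    best = run = 1 if amounts else 0
    for prev, cur in zip(amounts, amounts[1:]):
        if prev > 0 and abs(cur / prev - 2.0) <= tolerance:
            run += 1          # streak continues
        else:
            run = 1           # streak broken, restart at the current borrow
        best = max(best, run)
    return best

def flag_doubling_borrowers(events, min_run=4, tolerance=0.05):
    """Return {(borrower, lender, asset): run_length} for streaks >= min_run."""
    history = defaultdict(list)
    # Sorting by block approximates chain order; a real monitor would also
    # order by transaction and log index within a block.
    for block, borrower, lender, asset, amount in sorted(events):
        history[(borrower, lender, asset)].append(amount)
    alerts = {}
    for key, amounts in history.items():
        run = longest_doubling_run(amounts, tolerance)
        if run >= min_run:
            alerts[key] = run
    return alerts

if __name__ == "__main__":
    for key, run in flag_doubling_borrowers(SAMPLE_BORROWS).items():
        print("ALERT", key, "doubling streak of", run, "borrows")
```

A rule like this only raises a candidate for review; ordinary users who borrow varying amounts, such as the second account in the sample, produce no alert.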
Unfortunately, flash loan attacks are frequent, with hackers present only for a short period of time before disappearing. However, DeFi platform developers have enhanced their networks to detect and prevent such attacks so that they can serve their users as effectively as possible.
Nonetheless, investors are strongly advised to research the usage and risks of the various platforms in depth, especially where flash loans and DeFi are concerned, and to develop risk management strategies for safer investments.