Flash Loan attacks are the latest talk of the crypto town. Recently, so many great platforms have incurred hefty losses, being victims of these attacks.
What are Flash Loans?
Flash Loans are a new type of uncollateralized loans enforced by smart contracts in the DeFi sphere. They are designed for developers on the platform to borrow loans instantly, provided the liquidity is returned to the pool within the same transaction block.
This process needs to happen quickly and the debt must be repaid on time to the protocol. In case the time limit expires, the transaction will reverse instantly, and steps executed up to that point will be reversed effectively. Flash Loan attackers thrive on searching for multiple ways to manipulate the market while still abiding by the rules.
Arbitrage is essentially the primary use case of Flash Loans where it enables traders to earn from the price fluctuations across various exchanges.
What are Flash Loan attacks?
Flash Loan attacks are the most common types of DeFi attacks. The execution of Flash Loans attacks requires minimal resources hence it's cheap to perform and is also the easiest to get away with. According to Coinmarketcap, Flash Loan attacks have been making headlines ever since the popularity of DeFi in 2020, and the attacks are only increasing to date, leading to millions of dollars in losses so far.
During Flash Loan attacks, the cyberthief borrows a Flash Loan from a lending protocol and uses it to manipulate the market in their favor. Such attacks take place in mere seconds and yet involve four or more other DeFi protocols.
For instance, the cyber thief borrows a huge amount of Token A from protocol supporting Flash Loans and swaps it with Token B on the DEX, which lowers A’s price and increases the price of B. The attacker then deposits B as collateral on a DeFi protocol that uses the DEX as its sole price feed. Cleverly, the attacker takes advantage of the manipulated pricing and borrows a larger amount of Token A than usual and uses a portion of borrowed Token A to pay back the Flash Loan and generate profit from the remaining.
Case Study on PancakeBunny attack
The most recent Flash Loan attack that took place in May 2021 occurred on the PancakeBunny, a BSC-powered yield farming aggregator, that was hit by an exploit that dropped its token value by more than 95% of its previous value.
The attacker borrowed a large amount of Binance’s BNB through PancakeSwap and manipulated the price against Binance USD stablecoin and Bunny tokens. This allowed the hackers to steal a large amount of BUNNY, which they dumped on the market, causing the price drop to $6.17 from around $146, equating to a crash of over 95%. The hacker then paid back the debt via PancakeSwap. The blockchain data suggests that the attacker has made a profit of about 3 million.
PolkaCover as Insurer
Users will soon be able to purchase Flash Loan Protocol from Polkacover’s marketplace, and as an Insurer, PolkaCover offers smart contract covers for its users based on the premiums they pay. PolkaCover bears the part of the loss (a fixed claim according to the underlying agreement) incurred by the smart contract bug or hacks during the occurrence of any catastrophic loss.
PolkaCover is the First DeFi insurance marketplace for the global crypto ecosystem. Our aim is to lower transactional and administrative costs of insurance policies and coverage while providing high-value, cost-effective insurance products for the crypto world.
Our platform will be connecting users with multinational insurance providers for all global insurance products such as crypto-related protection, health, life and travel policies. The platform will include a frictionless insurance marketplace experience that incorporates next-generation blockchain technology and tokenized incentives.