How flash loans work
In a single transaction:
1. Borrow, say, 10,000 ETH from Aave’s flash-loan pool (no collateral required).
2. Execute arbitrary logic: swap through multiple DEXs, liquidate an underwater position, rebalance collateral, etc.
3. Repay the 10,000 ETH + a 0.05% fee to Aave.
If step 3 fails, the EVM reverts the entire transaction as if it never happened. The lender can’t lose because the loan can’t actually be taken out unless repayment is guaranteed atomically.
Aave introduced the original flash-loan primitive; dYdX, Uniswap V3, and Balancer now offer flash loans too. Fees range from 0 to 0.09% of the borrowed amount.
Legitimate flash-loan uses
- DEX arbitrage — spot a pricing gap between Uniswap and SushiSwap, flash-borrow the necessary capital, execute both legs, repay, pocket the spread.
- Collateral swaps — replace one lending protocol’s collateral (e.g. LINK) with another (ETH) in a single atomic operation, without unwinding the underlying debt.
- Self-liquidation — a borrower who sees their own position about to be liquidated can flash-borrow, repay their own debt, withdraw collateral, and repay the flash — capturing the liquidation bonus that would otherwise go to a keeper.
- Refinancing — move a loan from one protocol to another atomically when rates shift.
Risks and considerations
The dark side: flash loans enabled a wave of DeFi exploits where attackers used $100M+ of borrowed capital to manipulate oracles, drain pools, or game governance votes — all within a single transaction.
Notable cases:
- bZx (2020) — two flash-loan attacks within days exploited oracle manipulation, netting ~$1M.
- Harvest Finance (2020) — flash loan + Curve price manipulation drained $24M.
- Cream Finance (2021) — $130M exploit via flash-loan price oracle manipulation.
- Mango Markets (2022) — $100M+ extracted via flash-loan-funded price pump of MNGO collateral.
The architectural lesson: any protocol that reads current-block price data (spot TWAP over one block, reserve ratios, etc.) is potentially exploitable via flash-loan price manipulation. Modern protocols use longer TWAPs, Chainlink push feeds, or aggregated multi-source oracles to defend against this. For users, the practical implication is indirect: favor protocols that have been audited against flash-loan attack vectors and have survived the primitives that killed earlier DeFi projects.
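To make the architectural lesson concrete, the following added example (not code from the original page or from any protocol named on it) models a toy constant-product pool and compares what a spot reserve-ratio oracle and a 150-block TWAP report in the middle of a transaction that temporarily skews the reserves. The pool, its reserves, the trade size and the accumulator (a simplification of a cumulative-price design that records only block-closing prices) are all assumptions made for illustration.

```python
# Added example: toy constant-product pool (x * y = k, no fees).
# All reserves, amounts and names are constructed for illustration.
BLOCK_SECONDS = 12

class Pool:
    def __init__(self, eth, usd):
        self.eth, self.usd = float(eth), float(usd)
        self.now, self.cumulative = 0, 0.0
        self.history = [(0, 0.0)]  # (timestamp, cumulative price) checkpoints

    def spot(self):
        # Reserve ratio: can be read and moved inside one transaction.
        return self.usd / self.eth

    def swap_usd_for_eth(self, usd_in):
        k = self.eth * self.usd
        self.usd += usd_in
        eth_out = self.eth - k / self.usd
        self.eth -= eth_out
        return eth_out

    def swap_eth_for_usd(self, eth_in):
        k = self.eth * self.usd
        self.eth += eth_in
        usd_out = self.usd - k / self.eth
        self.usd -= usd_out
        return usd_out

    def end_block(self):
        # Only the price standing when a block closes enters the accumulator.
        self.now += BLOCK_SECONDS
        self.cumulative += self.spot() * BLOCK_SECONDS
        self.history.append((self.now, self.cumulative))

    def twap(self, window_blocks):
        (t0, c0), (t1, c1) = self.history[-1 - window_blocks], self.history[-1]
        return (c1 - c0) / (t1 - t0)

def simulate(loan_usd=50_000_000, window_blocks=150):
    pool = Pool(eth=10_000, usd=20_000_000)  # fair price: 2,000 USD/ETH
    for _ in range(window_blocks):
        pool.end_block()
    # One transaction: a large trade skews reserves, both oracles are read,
    # then the trade is unwound so the loan can be repaid.
    eth_bought = pool.swap_usd_for_eth(loan_usd)
    spot_seen, twap_seen = pool.spot(), pool.twap(window_blocks)
    pool.swap_eth_for_usd(eth_bought)
    pool.end_block()
    return spot_seen, twap_seen, pool.twap(window_blocks)
```

With these constructed numbers, `simulate()` returns a mid-transaction spot reading of about 24,500 USD/ETH while the TWAP reads 2,000 both during and after the transaction, because the skewed price never stands at a block boundary. A TWAP can still be shifted by a price held across several blocks, but that requires capital kept at risk between blocks, which a flash loan cannot provide.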