Flash loan attacks are smart contract exploits in which an attacker takes out a flash loan from a DeFi protocol, uses the borrowed capital, and pays it back in the same transaction. In a flash loan attack, the attacker arbitrages the money borrowed from a DeFi pool and returns the capital right after making a profit, which they keep once the flash loan is repaid.
One of the most notorious flash loan attacks to hit the space is the exploit on the DeFi protocol bZx, where the attacker borrowed funds from the platform and quickly swapped them for a stablecoin (sUSD). Since the stablecoin is governed by a smart contract, the attacker manipulated its price by placing a large buy order on sUSD, which pushed the price of the stablecoin to $2, doubling its pegged value. Then, the attacker took a larger loan using the higher-priced sUSD, repaid the loans, and kept the profit.
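The following is an added illustration, not code from bZx or any other protocol. It models a toy constant-product pool (an assumed pricing model with constructed reserves) to show why a lender that values sUSD at a pool's instantaneous price doubles its loan limit after one large buy, and how a hypothetical guard that checks the spot price against a time-weighted average refuses the loan instead.

```python
# Added illustration with constructed numbers. The constant-product pool (x*y=k)
# and the TWAP deviation guard are assumptions, not bZx's actual design.
from dataclasses import dataclass, field

@dataclass
class Pool:
    susd: float                                   # sUSD reserve
    usd: float                                    # USD-denominated reserve
    history: list = field(default_factory=list)   # spot price at each block end

    def spot(self) -> float:
        """Instantaneous price of 1 sUSD in USD."""
        return self.usd / self.susd

    def end_block(self) -> None:
        self.history.append(self.spot())

    def buy_susd(self, usd_in: float) -> float:
        """Swap USD for sUSD along x*y=k (fees ignored); returns sUSD received."""
        k = self.susd * self.usd
        self.usd += usd_in
        out = self.susd - k / self.usd
        self.susd -= out
        return out

    def twap(self, window: int) -> float:
        recent = self.history[-window:]
        return sum(recent) / len(recent)

def max_loan_spot(pool, collateral_susd, ltv=0.75):
    """Naive lender: trusts whatever the pool says right now."""
    return collateral_susd * pool.spot() * ltv

def max_loan_guarded(pool, collateral_susd, ltv=0.75, window=10, max_dev=0.05):
    """Value collateral at the TWAP; refuse if spot strays more than max_dev from it."""
    ref = pool.twap(window)
    if abs(pool.spot() - ref) / ref > max_dev:
        raise ValueError("spot price deviates from TWAP; borrowing paused")
    return collateral_susd * ref * ltv

def demo():
    pool = Pool(susd=1_000_000, usd=1_000_000)
    for _ in range(10):
        pool.end_block()                          # ten quiet blocks at the $1 peg
    before = max_loan_spot(pool, 100_000)
    pool.buy_susd(2 ** 0.5 * 1_000_000 - 1_000_000)  # sized so spot reaches ~$2
    after = max_loan_spot(pool, 100_000)          # same collateral, double the limit
    try:
        guarded = max_loan_guarded(pool, 100_000)
    except ValueError:
        guarded = None                            # guard refuses within the same block
    return pool.spot(), before, after, guarded
```

Because the buy and the borrow happen inside one transaction, no new block-end price is recorded between them, so the average still reflects the peg while the spot price does not.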
There is an ongoing debate within the DeFi community about the practicality of flash loans in light of the exploits. While flash loans are subject to possible attacks, they have also opened up potential innovations in the DeFi space by providing loans that do not require collateral.