TL;DR: A flash loan lets you borrow millions with zero collateral -- as long as you repay everything in the same transaction. If you can't repay, the entire transaction reverts as if it never happened. Legitimate uses include arbitrage and liquidations, but flash loans have also enabled some of the biggest DeFi exploits.

What is a flash loan?

A flash loan is a loan that must be borrowed AND repaid within a single blockchain transaction. No collateral is required. No credit check. No identity verification. You can borrow $10 million, $100 million, or however much liquidity the lending pool holds -- and the only requirement is that you return it all (plus a small fee) before the transaction finishes executing.

If you don't repay? The transaction simply fails and reverts. It is as if you never borrowed in the first place. Because the revert undoes every state change, the lender's funds end up exactly where they started: no money is lost, and the only cost to the failed borrower is a small amount of gas for the failed transaction.

This concept has no equivalent in traditional finance. In the conventional banking world, every loan requires either collateral, a credit history, or both. Flash loans bypass all of that by exploiting a unique property of blockchains: atomic transactions.

Atomic transaction

A transaction where either every step succeeds, or every step reverts. There is no partial execution. This "all or nothing" property is what makes flash loans possible -- the lender is guaranteed repayment because the alternative (non-repayment) literally cannot happen.

How is this possible?

Blockchain transactions are atomic: either everything in the transaction succeeds, or everything reverts. Nothing in between. This is fundamentally different from how traditional banking works, where each step of a financial operation is a separate event that can succeed or fail independently.

A flash loan exploits this atomicity. Here is what happens inside a single transaction:

  1. Borrow $10M from Aave. The flash loan contract sends $10M to your smart contract.
  2. Do something profitable with the $10M. Your contract executes whatever strategy you have coded -- arbitrage, liquidation, collateral swap, or anything else.
  3. Repay $10M + a tiny fee to Aave. Your contract returns the borrowed amount plus the protocol's fee (typically 0.05% to 0.09%).

If step 3 fails -- meaning your contract does not have enough funds to repay -- then steps 1 and 2 also revert. The entire transaction is rolled back. Aave never loses a single dollar, because from the blockchain's perspective, the loan never happened.

This is why flash loans require no collateral. The lender's risk of non-repayment is zero. The lending contract checks that it has been repaid before the transaction ends and reverts if it has not, and the Ethereum Virtual Machine guarantees that a revert undoes every step. Repayment is enforced not through legal contracts, not through credit scores, but through the fundamental mechanics of how blockchain transactions work.
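The three steps above, modelled as an added example (not code from Aave or from this article): a toy ledger with snapshot-and-restore stands in for EVM atomicity, and the account names, the `Chain` class and the two borrower strategies are assumptions made for illustration.

```python
class Revert(Exception):
    """Raised when any step fails; the whole transaction is rolled back."""

FEE_BPS = 5  # 0.05%, the low end of the fee range quoted above

class Chain:
    """Toy ledger (assumed model): balances keyed by account name."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transact(self, fn):
        """Run fn atomically: commit every state change, or none of them."""
        snapshot = dict(self.balances)
        try:
            fn(self)
            return True
        except Revert:
            self.balances = snapshot   # steps 1 and 2 are undone as well
            return False

def flash_loan(chain, borrower, amount, strategy):
    """Lender logic: pay out, hand control to the borrower, verify repayment."""
    before = chain.balances["pool"]
    fee = amount * FEE_BPS // 10_000
    chain.transfer("pool", borrower, amount)       # step 1: borrow
    strategy(chain, borrower, amount + fee)        # steps 2 and 3: borrower's code
    if chain.balances["pool"] < before + fee:      # the lender's own check
        raise Revert("flash loan not repaid")

def honest(chain, who, owed):
    chain.transfer("market", who, 20_000)          # constructed strategy profit
    chain.transfer(who, "pool", owed)              # principal plus fee

def deadbeat(chain, who, owed):
    chain.transfer(who, "elsewhere", chain.balances[who])   # never repays

def run(strategy):
    chain = Chain({"pool": 10_000_000, "market": 1_000_000, "bot": 0})
    ok = chain.transact(lambda c: flash_loan(c, "bot", 10_000_000, strategy))
    return ok, chain.balances
```

`run(honest)` commits with the pool up by the fee; `run(deadbeat)` returns `False` and every balance, including the pool's, is back at its starting value.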

Legitimate uses of flash loans

Arbitrage

Buying an asset cheaply on one exchange and simultaneously selling it at a higher price on another, capturing the price difference as profit. Flash loans democratize arbitrage by removing the need for upfront capital.

Arbitrage. Price differences between decentralized exchanges happen constantly. ETH might be $3,000 on Uniswap and $3,005 on SushiSwap. With a flash loan, anyone can borrow a large amount of ETH, buy cheap on one DEX, sell expensive on the other, and pocket the difference -- all without owning any capital. Before flash loans, arbitrage was only available to traders with significant funds. Flash loans make it accessible to anyone who can write the code.

Liquidations. When a DeFi lending position becomes unhealthy (the borrower's collateral drops in value relative to their debt), anyone can liquidate it and earn a liquidation bonus. Flash loans let liquidators borrow the funds needed to repay the borrower's debt, seize the discounted collateral, sell it, repay the flash loan, and keep the bonus -- all without needing capital of their own.

Collateral swap

Changing the collateral backing a DeFi lending position from one token to another without closing and reopening the position. Flash loans make this possible in a single transaction, avoiding the risk of liquidation during the swap.

Collateral swaps. Suppose you have a loan on Aave backed by ETH collateral, but you want to switch your collateral to WBTC. Without a flash loan, you would need to repay your entire debt first (requiring you to have the funds on hand), withdraw your ETH, swap it to WBTC, redeposit, and borrow again. With a flash loan, you can do all of this in a single atomic transaction -- borrowing the funds to repay your debt, swapping collateral, and re-borrowing to repay the flash loan.

Self-liquidation. If your leveraged DeFi position is approaching the liquidation threshold, you can use a flash loan to close it yourself in one transaction -- avoiding the liquidation penalty that would be charged if someone else liquidated you. You borrow enough to repay your debt, withdraw your collateral, sell enough collateral to repay the flash loan, and keep the rest.

Refinancing. Move a loan from one protocol to another that offers better interest rates -- in a single transaction. Borrow via flash loan, repay your existing debt, withdraw your collateral, deposit it on the new protocol, borrow from the new protocol, and repay the flash loan. What would normally require multiple transactions and carry liquidation risk becomes a single atomic operation.

Flash loan attacks -- the dark side

Flash loans have enabled billions of dollars in DeFi exploits. The same property that makes them powerful for legitimate use -- instant access to enormous capital with no collateral -- also makes them a devastating tool for attackers.

Oracle manipulation

An attack where an attacker artificially moves a price feed by making a large trade on a low-liquidity exchange that a DeFi protocol uses as its price source. Flash loans provide the massive capital needed to move prices significantly, even if only for a single transaction.

The most common flash loan attack pattern works like this:

  1. Borrow a massive amount via flash loan
  2. Use the borrowed funds to manipulate a price oracle -- typically by making a huge trade on a low-liquidity exchange that a DeFi protocol relies on for pricing
  3. Exploit the target protocol at the manipulated (wrong) price -- for example, borrowing far more than the collateral should allow, or triggering liquidations at artificial prices
  4. Profit from the exploit
  5. Repay the flash loan and keep the difference

All of this happens in a single transaction, often within seconds.

Notable flash loan attacks

  • bZx (February 2020) -- The first major flash loan attack. The attacker used a flash loan to manipulate prices across multiple DeFi protocols, extracting approximately $8 million. This attack put flash loans on the security radar for the entire industry.
  • Harvest Finance (October 2020) -- $34 million exploit using flash loans to manipulate the price of stablecoins in Curve Finance pools, which Harvest Finance used as its price reference.
  • Beanstalk (April 2022) -- $182 million governance flash loan attack. The attacker did not manipulate a price oracle. Instead, they borrowed enough governance tokens via flash loan to pass a malicious governance proposal that drained the protocol's treasury -- all in one transaction. This was a novel and devastating variation of the flash loan attack.
  • Euler Finance (March 2023) -- $197 million exploit using flash loans to manipulate the protocol's internal accounting through a series of deposits, borrows, and donations. This was one of the largest flash loan exploits in DeFi history.

Governance attack

An exploit where an attacker accumulates enough governance tokens (sometimes via flash loan) to pass a malicious proposal. Because flash loans can be borrowed and used within a single transaction, an attacker can temporarily control a protocol's governance without ever actually owning the tokens long-term.

The critical insight is this: flash loans do not create vulnerabilities -- they amplify existing ones. The bug is always in the protocol being exploited, not in the flash loan itself. A protocol with a manipulable price oracle is vulnerable whether the attacker uses a flash loan or their own capital. Flash loans simply make it possible for anyone to exploit the bug, without needing millions of dollars in their own wallet.

Why can't you just ban flash loans?

After every major flash loan exploit, the question comes up: why not just get rid of flash loans? The answer is that it would cause more harm than good, and it might not even be possible.

Flash loans are a fundamental primitive of composable DeFi. They emerge naturally from the atomic transaction model that all blockchains use. Banning them would mean restricting how smart contracts can interact with each other -- undermining the composability that makes DeFi powerful in the first place.

Banning flash loans would also kill all their legitimate uses. Arbitrageurs who keep prices efficient across exchanges, liquidators who keep lending protocols solvent, and users who want to refinance or swap collateral would all lose access to a critical tool.

The real solution is building protocols that are resistant to flash loan manipulation. This means better oracle design (using time-weighted average prices instead of spot prices, aggregating from many sources), governance mechanisms that require tokens to be held for a minimum period before voting, and circuit breakers that detect and block suspicious transactions. The risk must be managed at the protocol level, not by restricting the tools available to users.
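Why a time-weighted average price resists this better than a spot price, as an added example (not taken from any protocol's code): a fee-free constant-product pool with a price-times-seconds accumulator, where the reserves, trade size, 30-minute window and 12-second hold are constructed values.

```python
class Pool:
    """Constant-product pool (x * y = k), fees ignored; an assumed toy model."""
    def __init__(self, eth, usd):
        self.eth, self.usd = eth, usd
        self.cumulative = 0.0    # running sum of price * seconds
        self.last_ts = 0

    def spot(self):
        return self.usd / self.eth

    def sync(self, now):
        """Credit the price that held since the last update, before any trade."""
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def buy_eth(self, usd_in, now):
        self.sync(now)
        k = self.eth * self.usd
        self.usd += usd_in
        eth_out = self.eth - k / self.usd
        self.eth -= eth_out
        return eth_out

    def sell_eth(self, eth_in, now):
        self.sync(now)
        k = self.eth * self.usd
        self.eth += eth_in
        self.usd = k / self.eth

def scenario(hold_seconds, window=1_800):
    """Return (spot price while distorted, TWAP over the whole window)."""
    pool = Pool(eth=1_000.0, usd=3_000_000.0)    # constructed: $3,000 per ETH
    t_trade = window - hold_seconds
    got = pool.buy_eth(3_000_000.0, t_trade)     # one very large buy
    distorted_spot = pool.spot()                 # what a spot oracle would report
    pool.sell_eth(got, window)                   # unwound hold_seconds later
    pool.sync(window)
    return distorted_spot, pool.cumulative / window

same_tx = scenario(hold_seconds=0)     # distorted and unwound in one transaction
one_block = scenario(hold_seconds=12)  # distortion held for 12 seconds
```

In both runs the spot price reads $12,000 while distorted. The TWAP stays at $3,000 when the trade is unwound in the same transaction and reaches only $3,060 when the distortion is held for 12 seconds, which a flash loan alone cannot fund because it must be repaid before the transaction ends.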

Flash loans vs regular loans

               | Flash loan                                          | Regular DeFi loan
Duration       | One transaction (seconds)                           | Open-ended
Collateral     | None required                                       | Required (typically 150%+ overcollateralized)
Risk to lender | Zero -- transaction reverts if not repaid           | Default risk if collateral value drops
Use case       | Arbitrage, liquidations, collateral swaps, exploits | Borrowing against holdings, leverage
Available to   | Anyone who can write or use smart contract code     | Anyone with sufficient collateral

Who can use flash loans?

Flash loans are not a click-a-button feature. To execute a flash loan, you need to write a smart contract that borrows the funds, executes your strategy, and repays the loan -- all within a single transaction. This requires Solidity programming knowledge and an understanding of the DeFi protocols you are interacting with.

That said, tools exist that abstract away the complexity. Platforms like Furucombo and DeFi Saver provide no-code or low-code interfaces that let users build flash loan transactions through a visual interface. These tools handle the smart contract creation behind the scenes, making flash loans accessible to users who cannot write code themselves.

Even with these tools, flash loans remain advanced DeFi. Understanding gas costs, slippage, transaction ordering, and the specific mechanics of each protocol you are interacting with is essential. Profitable flash loan arbitrage, in particular, is extremely competitive -- automated bots compete to execute opportunities within milliseconds, and most simple arbitrage strategies have already been claimed by sophisticated operators.
