- The growing adoption of Web3 technologies has come with an increase in the number of flash loan exploits.
- According to a BanklessTimes analysis, these attacks registered a 2000% spike in Q2 2022.
- Consequently, investors lost over $308M worth of crypto, raising concerns about the safety and viability of Web3 projects.
The proliferation of Web3 technologies has come with many positives, including flash loans. Used as intended, flash loans offer a unique way of borrowing and lending. Unfortunately, they have major flow; they come with a high level of risk, and 2022 has been popular with crypto scammers.
BanklessTimes has been studying the trends in the adoption of flash loans. It concludes that Q2 2022 registered the largest flash loan heist to date. The site has presented data indicating that 27 such attacks resulted in a loss of over $308M worth of crypto lover's funds. That was a 2000% surge from the nearly $14.2M lost in Q1.
The growing number of web3 projects available today comes with significant monetary investments. It isn't surprising, therefore, that flash loan assaults are rising. These have escalated owing to the complexities of building smart contracts, making them more vulnerable to these exploits.BanklessTimes' CEO Jonathan Merry
The 27 incidences reported in Q2 are a 92.8% increase from the 14 recorded in Q1. This growth is a major concern for web3 projects and their investors, as these attacks continue growing in frequency and severity. Hopefully, with increased public awareness and understanding, we will see a decline in their number in the future.
Q2 Registered Record-Breaking Flashloan Heists
In Q2 alone, two major attacks accounted for a significant portion of the total loss in the quarter. The first was the $182 Million attack against Beanstalk Farms, the largest of these attacks on record.
The second was the $79 Million attack against the Fei Protocol. These two exploits alone accounted for 59% of the quarter's total loss. But even with their exclusion, Q2 losses would still dwarf those from Q1 attacks. Moreover, this trend will likely continue as the number of flash loan attacks increases.
For comparison, the biggest attack in Q1 was the $3 Million exploit against Deus Finance. These large-scale attacks have called into question the security of these products and their place in the Web3 ecosystem.
Flashloan Attacks Spell Doom for Web3 Projects
BanklessTimes projects that losses from these attacks will touch the $656M mark by the end of 2022. That's a 78% increase over 2021's losses, thanks to how they work. By exploiting a flaw in a Smart Contract to take out a quick loan, attackers can generate a lot of money fast.
Because they never intend to repay the loan, they can walk away with a sizable profit. In the past, these attacks have been carried out with little to no profit. However, they are increasing in frequency because they're easy to execute with little risk.
These attacks often result in big losses, but it's important to remember that there are many small-scale attacks too. The difference is that the latter are lost in the noise of simple arbitrage farming by bots.
Again the attacks are rarely limited to one exploit. On the contrary, they often involve multiple exploits, including manipulating liquidity pools, bridge vulnerabilities, and price oracles.
Contributors
