64 total views
In recent months, Harvest, Akropolis, Value DeFi, Cheese Bank, Eminence, and Origin Protocol have all suffered flash loan attacks. In the last six attacks, three incidents ended with hackers partially returning stolen funds. This has become a new trend in the DeFi circle.
Although we do not know why these DeFi hackers returned some of their ill-gotten gains, one possible explanation is condemnation of conscience.
In order to understand the reasons behind this behavior, we need to know what flash loans are all about.
What is a flash loan?
In the flash loan case, the attacker receives the loan from the DeFi protocol, spends the loan funds, and repays the loan in the same smart contract transaction. Since the entire process of the loan occurs in the same smart contract transaction, no collateral is required.
Basically, anyone can get a flash loan without collateral, and only need to pay the relevant fees. An analyst from the on-chain analytics company Glassnode explained:
“This means that users of flash loans, including hackers, only need to take a very small risk; if the transaction fails to achieve “break-even” and the borrower cannot repay the loan, then the entire transaction will be cancelled. It will lose GAS fees. In contrast, the potential gains are objective.”
If hackers use loan capital to arbitrage in the short term, they can still make money after returning the borrowed principal.
But these profits must have their source, and although each attack is different and complex, in simple terms these profits often come from other users-those “losers” who lose to the attacker in the transaction, the profits are generated from this.
Why did the attacker return part of the proceeds?
The sentiment surrounding the flash loan attack in the DeFi field remains complex. On the one hand, these events can be regarded as attacks or vulnerabilities because they cause the loss of user funds. However, on the other hand, some people argue that flash loans are not illegal and follow the rules and systems of their platforms.
Perhaps some of the attackers belong to the former camp, and the reason they return the funds is to not harm innocent users.
For example, on November 15th, Value DeFi suffered a lightning loan attack, resulting in a loss of 6 million US dollars. The attacker borrowed 80,000 ETH from the DeFi protocol Aave, worth slightly less than 40 million US dollars. Then, the attacker used two stablecoins, DAI and USDC, to arbitrage at the expense of Value DeFi users and made a fortune. After that, the attacker returned $40 million in principal to Aave.
Su Zhu, CEO of Three Arrows Capital, said that the hacker returned the $2 million profit made by using flash loans. He pointed out that this kind of attack can be done without flash loans, but only giant whales or high-net-worth investors can do so.
Su said that the attacker left a message asking “Do you really understand flash loans?”, and returned US$2 million to show friendship. Su believes that this behavior is to remind everyone that even without lightning loans, the same “attack” is technically possible-but only those super wealthy whales can do it.
Another hacker returned $50,000 after learning that the victim who lost $100,000 due to his attack was a nurse.
Similarly, on October 26, because a hacker used its liquidity pool to arbitrage, Harvest suffered a $24 million flash loan attack. After the incident, the hacker returned $2.5 million.
Since a flash loan attack does not require a large amount of initial capital, and the hacker does not have to bear the risk of losing a large amount of funds after the attack fails, the attacker is likely to return some of the funds out of moral considerations. Whether this will make the attack less bad remains to be discussed-but the controversy in the DeFi field is becoming increasingly fierce.
, Use data to understand the blockchain.