Avalanche Flash Loan Attack Nets $370K

Flash loan attack on Avalanche detected by cybersecurity firm CertiK


Blockworks Exclusive art by axel rangel


key takeaways

  • The flash loan is said to have generated hundreds of thousands of dollars worth of USDC for the attacker
  • DEX Trader Joe, staking platform Nereus Finance and AMM Curve Finance are believed to have been affected

A flash loan attack on the Avalanche blockchain has extracted $370,000 in USDC from a smart contract, as well as several liquidity providers, blockchain cybersecurity firm CertiK said Tuesday.

Decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance are thought to have been impacted, the firm said in a tweet.

A flash loan exploit is an abuse of a smart contracts security whereby a nefarious actor typically borrows uncollateralized funds from a lending protocol and manipulates the price of a given asset, driving up its value. 

Because of the nature of a flash loan, the attacker then sells back the borrowed capital in the same transaction after they’ve managed to arbitrage the asset, pocketing the difference.

The attack, executed around 3:26 pm ET on Tuesday, was picked up by CertiK’s on-chain security software Skynet which actively monitors and displays suspicious smart contract data online.

Blockworks attempted to contact CertiK and Avalanche but did not receive a response by press time. The identity of the attacker, as in the majority of cases involving flash loan exploits, remains unknown.

Avalanche, a layer-1 smart contract platform built by Singapore-based Ava Labs, has risen to prominence in recent years, having grown to become a top 20 crypto in market cap terms.

Compatible with Ethereum, the Avalanche network consists of an ecosystem of decentralized application as well as staking initiatives via its proof-of-stake consensus mechanism.

Flash loans have been involved in several high-profile crypto heists before, including the third-largest of 2022, when DeFi dapp Beanstalk lost $182 million.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg


In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.


BUZZ holds shares of Coinbase, Robinhood and MicroStrategy


Opinion: Even though I didn’t pay for my “Diamond Hands” burger with BTC, don’t let that fool you into thinking that crypto’s development is futile


The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally


While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders


Trading volumes totalled $154 billion in Q4, including $125 billion in institutional volume


DeFi on Bitcoin is all the rage right now and Stacks is positioned to benefit