Avalanche Flash Loan Attack Nets $370K

Flash loan attack on Avalanche detected by cybersecurity firm CertiK

by Sebastian Sinclair /
article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • The flash loan is said to have generated hundreds of thousands of dollars worth of USDC for the attacker
  • DEX Trader Joe, staking platform Nereus Finance and AMM Curve Finance are believed to have been affected

A flash loan attack on the Avalanche blockchain has extracted $370,000 in USDC from a smart contract, as well as several liquidity providers, blockchain cybersecurity firm CertiK said Tuesday.

Newsletter

Subscribe to The Breakdown

Decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance are thought to have been impacted, the firm said in a tweet.

A flash loan exploit is an abuse of a smart contracts security whereby a nefarious actor typically borrows uncollateralized funds from a lending protocol and manipulates the price of a given asset, driving up its value. 

Because of the nature of a flash loan, the attacker then sells back the borrowed capital in the same transaction after they’ve managed to arbitrage the asset, pocketing the difference.

The attack, executed around 3:26 pm ET on Tuesday, was picked up by CertiK’s on-chain security software Skynet which actively monitors and displays suspicious smart contract data online.

Blockworks attempted to contact CertiK and Avalanche but did not receive a response by press time. The identity of the attacker, as in the majority of cases involving flash loan exploits, remains unknown.

Avalanche, a layer-1 smart contract platform built by Singapore-based Ava Labs, has risen to prominence in recent years, having grown to become a top 20 crypto in market cap terms.

Compatible with Ethereum, the Avalanche network consists of an ecosystem of decentralized application as well as staking initiatives via its proof-of-stake consensus mechanism.

Flash loans have been involved in several high-profile crypto heists before, including the third-largest of 2022, when DeFi dapp Beanstalk lost $182 million.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

learn more

recent research

Research Report Templates (19).png

Research

Suilend's Multi-Product DeFi Suite

Suilend has grown into the top money market and liquid staking provider on Sui. STEAMM, Suilend’s Superfluid AMM, presents a compelling avenue for growing market share within Sui’s DEX landscape and revenue generation for the protocol. Suilend’s multi-product suite position it well for owning market share across key verticals. While current metrics across the Sui ecosystem are likely inflated due to Sui Foundation incentive programs, SEND trades at amongst the lowest multiples in the lend/borrow sector, suggesting that a bull case for continued growth in the ecosystem may be mispriced.

by Luke Leasure

/

news

article-image

PeopleSupply Shock

Stay united: Ross Ulbricht’s heartfelt message for Bitcoin

Silk Road founder Ulbricht made a triumphant return to the Bitcoin Conference, 10 years on from sentencing

by David Canellis /
article-image

BusinessEmpire Newsletter

Who can compete against pump.fun?

A Blockworks Research report looked at who could take up some of the marketshare in the launchpad space

by Katherine Ross /
article-image

BusinessEmpire Newsletter

The stablecoin ‘book is just starting to be written,’ Dragonfly’s Hadick says

Business-to-business stablecoin payments are on the rise, per a report from Artemis, Dragonfly and Castle Island

by Katherine Ross /
article-image

The Breakdown

Thursday links: Treasury companies and dinner without Trump

Crypto continues to do its thing: incentivizing behavior

by Byron Gilliam /
article-image

BusinessLightspeed Newsletter

Tokenized equities will be ‘bigger than stablecoins’: Backed CEO

Kraken will soon offer Backed ‘xStocks’ as Solana tokens

by Jack Kubinec /
article-image

Forward Guidance NewsletterPolicy

Court of International Trade halts the Tariff bonanza

In a unanimous decision, the US Court of International Trade has ruled that Trump’s IEEPA tariffs are unlawful

by Felix Jauvin /