Avalanche Flash Loan Attack Nets $370K

Flash loan attack on Avalanche detected by cybersecurity firm CertiK

by Sebastian Sinclair /
article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • The flash loan is said to have generated hundreds of thousands of dollars worth of USDC for the attacker
  • DEX Trader Joe, staking platform Nereus Finance and AMM Curve Finance are believed to have been affected

A flash loan attack on the Avalanche blockchain has extracted $370,000 in USDC from a smart contract, as well as several liquidity providers, blockchain cybersecurity firm CertiK said Tuesday.

Decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance are thought to have been impacted, the firm said in a tweet.

A flash loan exploit is an abuse of a smart contracts security whereby a nefarious actor typically borrows uncollateralized funds from a lending protocol and manipulates the price of a given asset, driving up its value. 

Because of the nature of a flash loan, the attacker then sells back the borrowed capital in the same transaction after they’ve managed to arbitrage the asset, pocketing the difference.

The attack, executed around 3:26 pm ET on Tuesday, was picked up by CertiK’s on-chain security software Skynet which actively monitors and displays suspicious smart contract data online.

Blockworks attempted to contact CertiK and Avalanche but did not receive a response by press time. The identity of the attacker, as in the majority of cases involving flash loan exploits, remains unknown.

Avalanche, a layer-1 smart contract platform built by Singapore-based Ava Labs, has risen to prominence in recent years, having grown to become a top 20 crypto in market cap terms.

Compatible with Ethereum, the Avalanche network consists of an ecosystem of decentralized application as well as staking initiatives via its proof-of-stake consensus mechanism.

Flash loans have been involved in several high-profile crypto heists before, including the third-largest of 2022, when DeFi dapp Beanstalk lost $182 million.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (2).png

Research

PUMP’s TGE & Launchpad Wars: It’s All About The Front-End

We’re bullish on the PUMP token. We believe Pump.fun's brand strength, existing integrations, product roadmap, and strategic levers justify PUMP's TGE valuation, and expect the token to re-rate meaningfully higher in the months ahead.

by Ryan Connor

/

news

article-image

Lightspeed NewsletterPolicy

Solana Policy Institute wants to see more equities issued onchain

The non-profit’s “Project Open” seeks to let stocks trade directly on Solana

by Jack Kubinec /
article-image

Business

Pump.fun acquires wallet tracker Kolscan

The acquisition is Pump.fun’s first, and comes just days before its planned ICO

by Katherine Ross&Jack Kubinec /
article-image

Forward Guidance NewsletterMarkets

All signs are pointing to the dollar heading lower. Will it?

As Trump’s tariff war reignites, everyone is assuming the dollar will continue its path lower. But the journey might be bumpy

by Felix Jauvin /
article-image

0xResearch NewsletterFinance

Fidelity is valuing ETH as money

A valuation model for “blockchain GDP”

by Donovan Choy /
article-image

BusinessThe Drop

Exclusive: Remix raises $5M in seed funding to become ‘TikTok for games’

The mini app combines vibe-coding with a hypercasual game feed and is coming to the new Coinbase Wallet

by Kate Irwin /
article-image

The Breakdown

The first $4T company

An improbable tale of the world’s 40th graphics-chip startup

by Byron Gilliam /