Asymmetric Research discloses Marginfi flash loan bug that risked $160M

MarginFi fixed a flaw that could have let attackers borrow funds without repayment

by Blockworks /

September 17, 2025 02:25 pm

Igor Kyrlytsya/Shutterstock and Adobe modified by Blockworks

Marginfi, a Solana-based lending and borrowing protocol, has patched a critical vulnerability in its flash loan mechanism that briefly placed more than $160 million in user deposits at risk.

The bug, disclosed by security researcher Felix Wilhelm through Marginfi’s bug bounty program, would have allowed an attacker to borrow funds without repaying them. The issue was resolved before any exploit occurred, and no funds were lost, according to Asymmetric Research’s report.

Flash loans, a common DeFi feature, allow users to borrow nearly all available liquidity on the condition that the funds are repaid within the same blockchain transaction. Solana protocols typically enforce this by introspecting instructions in a transaction to ensure a repayment step is included.

Newsletter

Subscribe to The Breakdown

According to Asymmetric, Marginfi followed this approach but introduced a new instruction, transfer_to_new_account, that unintentionally bypassed repayment checks. This meant liabilities could be shifted to a new account mid-loan, enabling funds to be drained without triggering safeguards.

The report indicates that the Marginfi team swiftly deployed a patch to block account transfers during flash loans and prevent disabled accounts from being used for repayment. While Solana’s architecture limits some common Ethereum-style exploits, the vulnerability underscores that logic errors remain a critical threat.

The swift resolution demonstrates the role of bug bounty programs in preventing systemic losses. Similar past incidents, including attacks on Mango Markets and other Solana-based protocols, have shown how flash loan vulnerabilities can lead to multimillion-dollar losses.

Marginfi representatives did not respond to Blockworks’ request for comment before publication.

This is a developing story.

This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Cybersecurity

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

Solana DEX Winners: All About Order Flow

Solana's spot trading landscape will remain bifurcated: prop AMMs will own the short-tail of highly liquid pairs, while passive AMMs continue drifting toward the long-tail. Both can win via vertical integration, but in opposite directions: passive AMMs are moving closer to users through token issuance platforms (e.g., Pump-PumpSwap, MetaDAO-Futarchy AMM), while prop AMMs are moving down the stack into transaction landing services and infrastructure (e.g., HumidiFi-Nozomi). The venues most at risk are legacy AMMs with limited end-user control and no durable, launch-driven source of order flow.

by Carlos Gonzalez Campo