What Is a Flash Loan in DeFi: How It Works and Why It Matters (2026)

If you have ever wanted to borrow millions of dollars with zero collateral, execute a complex trading strategy, and repay the entire loan in under 13 seconds, flash loans make that possible. They are one of the most powerful and controversial innovations in decentralized finance (DeFi), enabling transactions that would be completely impossible in traditional banking.

A flash loan is an uncollateralized loan that must be borrowed and repaid within a single blockchain transaction. There is no credit check, no collateral requirement, and no waiting period. The entire process happens atomically, meaning every step either completes successfully or the whole thing reverts as if it never happened. This atomic nature is what makes flash loans both incredibly useful and uniquely safe for lenders.

Flash loans were first introduced by Aave in January 2020 and have since become a fundamental building block of DeFi. They have been used for everything from legitimate arbitrage trading to devastating protocol exploits that drained hundreds of millions of dollars. In this guide, you will learn exactly how flash loans work, who can use them, the most common use cases, and why they remain one of the most debated features in all of crypto.

How Does a Flash Loan Work?

To understand flash loans, you first need to understand how blockchain transactions work. Every action on a blockchain like Ethereum happens inside a transaction. A transaction can contain multiple steps, and all of those steps are bundled together. Either every single step executes successfully, or the entire transaction fails and reverts. Nothing in between. This is the concept of atomicity, and it is the foundation that makes flash loans possible.

When you initiate a flash loan, you are writing a smart contract that performs several operations within one transaction. The lending protocol sends you the tokens you requested. Your contract then executes whatever strategy you have coded, whether that is arbitrage, liquidation, or a collateral swap. At the end of the transaction, your contract must return the borrowed amount plus any fees. If the repayment does not happen, the blockchain itself rejects the entire transaction. The loan never existed, the strategy never executed, and the only thing you lose is the gas fee for the failed transaction.

This is fundamentally different from traditional lending. In a bank, if you borrow money and your investment fails, you still owe the bank. With a flash loan, if your strategy does not generate enough profit to repay the loan, the transaction simply does not happen. The lender never loses funds. This is why flash loans require zero collateral. The risk to the lender is effectively zero because the smart contract guarantees repayment through code.

The Technical Process Step by Step

Let us walk through the exact technical flow of a flash loan. First, a developer writes a smart contract that implements a specific callback function. On Aave, this is called executeOperation(). This function contains all the logic for what you want to do with the borrowed funds. The developer deploys this contract to the blockchain and then calls the flash loan function on the lending protocol.

The lending protocol checks that it has enough liquidity in its pool for the requested amount. If it does, it transfers the tokens to your smart contract and immediately calls your callback function. Inside that function, your contract does whatever you programmed it to do. It might swap tokens on Uniswap, liquidate an undercollateralized position, or perform a series of trades across multiple protocols. At the end of your callback function, the lending protocol checks whether it has been repaid the original amount plus the fee. If yes, the transaction succeeds. If no, everything reverts.

The entire process takes place in a single Ethereum block, which currently has a block time of around 12 seconds. During those 12 seconds, you can borrow millions of dollars, execute complex multi-step strategies, and repay everything. The block gets mined, and your profit (if any) is permanently recorded on the blockchain. You can verify every flash loan transaction on Etherscan or other blockchain explorers.

Flash Loan Platforms: Aave vs dYdX vs Uniswap

Several DeFi protocols offer flash loan functionality, but the biggest names are Aave, dYdX, and Uniswap V3. Each has different fee structures, supported assets, and technical implementations.

Aave is the most popular platform for flash loans and the protocol that invented the concept. Aave V3 charges a fee of 0.05% on every flash loan. So if you borrow $1,000,000, you pay $500 in fees regardless of whether you make a profit. Aave supports flash loans on Ethereum, Arbitrum, Optimism, Polygon, Avalanche, and several other chains. The total available liquidity for flash loans on Aave regularly exceeds $10 billion across all supported assets. If you want to learn how to use Aave for lending and borrowing, check our dedicated tutorial.

dYdX offers flash loans with zero fees, making it attractive for strategies where margins are thin. However, dYdX has a more limited set of supported assets compared to Aave. The technical implementation is also different. dYdX uses a system where you deposit, withdraw, and trade within a single transaction to achieve the same flash loan effect. This makes the code slightly more complex to write but saves money on fees.

Uniswap V2 and V3 offer a feature called flash swaps, which function similarly to flash loans. You can withdraw any amount of tokens from a Uniswap liquidity pool, use them however you want, and then either return the same tokens or pay the equivalent value in the paired token, plus a 0.3% fee. Flash swaps are particularly useful for arbitrage strategies that involve Uniswap trading pairs directly.

Flash Loan Use Cases

Flash loans unlock several powerful strategies that would otherwise require significant capital. These are the four most common and important use cases in DeFi today.

Arbitrage: The Most Common Use Case

Arbitrage is by far the most popular use of flash loans. Here is a real-world example of how it works. Suppose ETH is trading at $3,000 on Uniswap and $3,015 on SushiSwap. That is a 0.5% price difference. Without a flash loan, you would need to already have $3,000 worth of stablecoins to buy 1 ETH on Uniswap and sell it on SushiSwap for a $15 profit. With a flash loan, you can borrow $3,000,000, buy 1,000 ETH on Uniswap, sell them on SushiSwap for $3,015,000, repay the $3,000,000 loan plus a $1,500 fee (0.05% on Aave), and keep $13,500 in profit. All without risking a single dollar of your own money.

However, you need to account for slippage and gas fees. Large trades on decentralized exchanges move the price, so borrowing $3 million might not yield the expected return if the liquidity pools are too shallow. You also need to pay gas fees for all the swaps, which on Ethereum mainnet can be significant. Successful flash loan arbitrageurs carefully calculate these costs before executing their strategies.

Liquidations: Earning Without Capital

In DeFi lending protocols, borrowers must maintain a certain collateral ratio. If the value of their collateral drops below the required threshold, anyone can liquidate that position by repaying part of the debt and claiming the collateral at a discount (usually 5-15% bonus). Flash loans allow liquidators to repay the debt without having any capital of their own. They borrow the repayment amount, liquidate the position, receive the collateral bonus, sell the collateral, repay the flash loan, and keep the liquidation bonus as profit.

Collateral Swaps and Self-Liquidation

Collateral swaps let you change the collateral backing your DeFi loan without closing the position. Say you have a loan on Aave with ETH as collateral, but you want to switch to wstETH for the staking yield. Without a flash loan, you would need extra capital to repay the loan, withdraw the ETH, swap it, deposit the new collateral, and borrow again. With a flash loan, you can do all of this in one transaction. Borrow enough to repay your debt, withdraw your ETH collateral, swap it for wstETH, deposit the wstETH, borrow again, and repay the flash loan. Clean and efficient.

Self-liquidation follows a similar pattern. If your position is approaching the liquidation threshold, you can use a flash loan to repay your debt, withdraw your collateral, and close the position yourself. This saves you from paying the liquidation penalty, which can be 5-15% of your collateral. The flash loan fee of 0.05% is significantly cheaper than losing 10% of your assets to a third-party liquidator.

Flash Loan Attacks: The Dark Side

Flash loans have been used in some of the most devastating DeFi exploits in history. Over $300 million has been stolen through flash loan attacks since 2020. These attacks typically exploit vulnerabilities in smart contract logic, oracle price feeds, or governance mechanisms. The flash loan itself is not the vulnerability. It simply provides the attacker with the capital needed to exploit an existing weakness at scale.

The most common type of flash loan attack involves price oracle manipulation. The attacker borrows a massive amount of tokens, uses them to manipulate the price on a decentralized exchange that another protocol uses as a price feed, and then exploits the artificially inflated or deflated price to extract value from the vulnerable protocol. Once the profit is secured, the attacker repays the flash loan and walks away.

Famous Flash Loan Attacks

bZx Attacks (February 2020): One of the earliest and most famous flash loan exploits. The attacker used a flash loan from dYdX to manipulate the price of sUSD on Kyber Network, then used the inflated price to borrow a disproportionate amount of ETH from bZx. The first attack drained roughly $350,000, and a second attack days later took another $600,000. These attacks shocked the DeFi community and started the conversation about flash loan security.

PancakeBunny (May 2021): An attacker used a flash loan to borrow a huge amount of BNB from PancakeSwap, manipulated the price of the BUNNY token through a series of swaps, and exploited PancakeBunny's reward calculation mechanism. The attack resulted in approximately $45 million in losses. The BUNNY token price crashed from $150 to $6 almost instantly.

Cream Finance (October 2021): This was one of the largest flash loan attacks ever, draining approximately $130 million from Cream Finance. The attacker used a complex strategy involving flash loans from both Aave and Cream's own flash loan mechanism. They exploited a vulnerability in how Cream calculated the value of certain tokens, allowing them to borrow far more than their collateral was actually worth.

These attacks highlight an important truth about DeFi security. Flash loans do not create vulnerabilities. They amplify them. Any protocol that can be exploited with a flash loan could theoretically be exploited by a wealthy attacker willing to put up their own capital. Flash loans just make it accessible to anyone with the technical skills to write the exploit contract, regardless of their financial resources.

Governance Attacks

One of the more controversial uses of flash loans involves governance manipulation. Many DeFi protocols use token-based voting for governance decisions. If you hold enough tokens, you can pass proposals. Flash loans allow someone to borrow a massive amount of governance tokens, vote on a proposal, and return the tokens within a single transaction. This effectively lets someone with zero stake in a protocol influence its governance decisions.

The most notable example of this was the Beanstalk attack in April 2022, where an attacker used a flash loan to acquire enough governance tokens to pass a malicious proposal that drained $182 million from the protocol. This was technically a governance exploit rather than a pure flash loan attack, but it demonstrated how flash loans can undermine token-based governance systems.

In response, many protocols have implemented time-locked voting, where tokens must be held for a certain period before they can be used to vote. Others have switched to snapshot-based voting, which records token balances at a specific block number before the proposal is made, making flash loan governance attacks impossible.

Who Can Use Flash Loans?

Here is the reality that many articles gloss over: flash loans are not for the average crypto user. You need to be a developer with Solidity programming skills to use flash loans. There is no user interface where you click a button and execute a flash loan. You must write a smart contract, deploy it to the blockchain, and call the flash loan function programmatically.

Specifically, you need to understand Solidity (Ethereum's smart contract language), how to interact with DeFi protocol interfaces, how to deploy and verify smart contracts, how to estimate gas costs and profitability, and how to test your contract thoroughly before using real funds. If you do not have these skills, there are tools and platforms that attempt to simplify the process. Furucombo is a popular no-code platform that lets you create flash loan strategies using a drag-and-drop interface. DeFi Saver offers automated leverage management and collateral swaps powered by flash loans. However, even with these tools, understanding what is happening under the hood is essential to avoid costly mistakes.

Flash Loan Bots and MEV

The majority of flash loan transactions in 2026 are executed by automated bots, not humans manually triggering smart contracts. These bots continuously monitor the blockchain for profitable opportunities, calculate whether a flash loan strategy would be profitable after accounting for gas fees and protocol fees, and execute the transaction automatically when conditions are met.

Flash loan bots are deeply connected to the concept of MEV (Maximal Extractable Value), which refers to the profit that can be extracted by reordering, inserting, or censoring transactions within a block. Many flash loan arbitrage bots compete with each other for the same opportunities, leading to "gas wars" where bots bid up the gas price to get their transaction included first. This competition has led to the development of private transaction pools like Flashbots, where bots can submit transactions directly to block builders without revealing their strategy to competitors.

Building a profitable flash loan bot is extremely competitive. The low-hanging fruit was picked years ago, and today's opportunities often have razor-thin margins. Successful bot operators typically have deep knowledge of DeFi protocols, advanced programming skills, and sophisticated infrastructure including private RPC nodes and MEV-aware transaction submission systems.

Security Implications and Risk Mitigation

For DeFi protocol developers, defending against flash loan attacks is a critical concern. Several best practices have emerged since the first attacks in 2020.

First, protocols should never rely on spot prices from a single decentralized exchange as their price oracle. Flash loans can easily manipulate spot prices. Instead, protocols should use time-weighted average prices (TWAPs) or decentralized oracle networks like Chainlink that aggregate prices from multiple sources and are resistant to single-transaction manipulation.

Second, protocols should implement reentrancy guards and carefully audit their smart contracts for logical vulnerabilities. Many flash loan attacks exploit subtle bugs in how protocols calculate collateral values, reward distributions, or impermanent loss calculations.

Third, governance systems should use snapshot-based voting with time delays, as mentioned earlier. Any governance mechanism that can be influenced by borrowing tokens for a single block is fundamentally broken.

Ethical Considerations

Flash loans raise fascinating ethical questions. On one hand, they democratize access to capital. A developer in any country can access millions of dollars in capital for a few seconds to execute a profitable strategy. This levels the playing field between small traders and large institutions. On the other hand, flash loans have been used to steal hundreds of millions of dollars from DeFi protocols and their users.

The debate often comes down to whether you view flash loan attacks as theft or as legitimate exploitation of poorly designed systems. In traditional finance, if a bank has a flaw in its system that lets someone drain accounts, that is clearly theft. In DeFi, the code is the law. If a smart contract allows a certain action, some argue that executing that action is fair game. This philosophical divide continues to shape how the DeFi community thinks about security, responsibility, and accountability.

Most of the DeFi community has settled on a pragmatic middle ground: flash loans themselves are a neutral tool, but using them to exploit vulnerabilities for personal gain at others' expense is unethical, even if it is technically possible. Many attackers who have been identified have faced legal consequences, and the rise of DeFi security firms and bug bounty programs has created financial incentives for discovering vulnerabilities through responsible disclosure rather than exploitation.

Pros and Cons of Flash Loans

Flash Loans on Layer 2 and Other Chains

While flash loans originated on Ethereum, they are now available on multiple chains and Layer 2 networks. Aave V3 supports flash loans on Arbitrum, Optimism, Polygon, Avalanche, Base, and more. The advantage of using flash loans on Layer 2 networks is dramatically lower gas costs. On Ethereum mainnet, a complex flash loan transaction might cost $50-200 in gas fees. On Arbitrum or Optimism, the same transaction might cost less than $1.

Lower gas costs mean that smaller arbitrage opportunities become profitable. On Ethereum, you might need a price discrepancy of 0.5% or more to cover gas fees. On Layer 2, even a 0.05% discrepancy could be worth executing. This has made flash loan arbitrage more competitive on Layer 2 networks, as more bots can afford to participate.

The Future of Flash Loans

Flash loans continue to evolve as DeFi matures. Cross-chain flash loans are an active area of development, where you could borrow on one chain and execute a strategy on another within a single atomic transaction. This is technically challenging because cross-chain communication introduces latency and complexity, but protocols like Connext and LayerZero are working on solutions.

Another trend is the development of more accessible flash loan tools. While flash loans currently require Solidity skills, platforms are building no-code solutions that let anyone create and execute flash loan strategies. As these tools mature, flash loans could become accessible to a much wider audience, potentially increasing both their beneficial and harmful uses.

Regulatory scrutiny of flash loans is also increasing. While no major jurisdiction has specifically regulated flash loans, the growing frequency and scale of flash loan attacks has drawn attention from regulators. How flash loans will fit into the evolving regulatory framework for DeFi remains an open question that will shape their future development and adoption.

Video: Flash Loans Explained

Visual explainer of how flash loans work in DeFi.

Watch video on YouTube | Watch on YouTube

Frequently Asked Questions