How One Hacker Made $360k in a Day via a Flash Loan and Market Manipulation

How to Understand the Latest DeFi "Hack" in 3 Steps

Correction: In the original article, I talked about how the hacker profited by crashing the price of WBTC - in reality, the hacker actually crashed the price of WETH, and a few details in this article have been corrected accordingly. I was able to come to a better understanding of the event via this very detailed analysis on Medium, with a breakdown of the hacker’s balance, if you’re interested in doing the math yourself.

Recently, a “hacker” started from nothing and made $360,000 in a single transaction by taking advantage of a flash loan (there is some controversy over whether the event qualifies as a “hack”, since technically the “hacker” did not do anything illegal). Given the number of DeFi components involved in this “hack”, a detailed explanation is required for DeFi beginners to understand it. In this article, I will walk you through the “hack” step by step, pausing at each of the 3 steps to explain the factors at work, so that you can gain a high-level understanding of what happened, beyond the jargon.

Let’s call the “hacker” Joe.

First Step: Flash Loan to Gain Capital

First, Joe took out a flash loan of 10,000 WETH (about $3 million) from the open trading platform dYdX. This served as his initial capital.

Flash loan: Usually, to borrow money in DeFi, you need to open a CDP (collateralized debt position), which basically means that in order to borrow $80 worth of BTC, you need to deposit something like $100 worth of ETH as collateral. If you fail to pay back the $80 of BTC you borrowed, you lose your collateral. In comparison, a flash loan, a relatively new way to borrow money in DeFi, requires no collateral. A flash loan smart contract lets you borrow a large sum of capital with no questions asked, as long as you pay back the borrowed amount during the same transaction (hence the name “flash loan”). If you fail to pay back the borrowed amount, the transaction will simply revert. Via a flash loan, Joe started with nearly $0 (besides a few dollars for transaction fees) and gained access to $3 million of capital right away.

WETH: Wrapped ether. It’s backed 1-to-1 with real ether, except that it is an ERC20 token, meaning that you can trade it directly with other ERC20 tokens, including WBTC, which becomes important later. If this confuses you, just think of it as regular ether and keep reading.

Second Step: Use the Capital for a Short Position & Manipulate the Market to Profit from the Short Position 

Second, Joe sent about half of the 10,000 WETH to Fulcrum and half to Compound.

On Fulcrum (a trading platform built from bZx), Joe opened a short position of 112 WBTC, meaning that he would profit if the price of WBTC fell.

To make sure that the price of WBTC did indeed fall, he went to Compound (a decentralized lending platform) and borrowed 112 WBTC, using his WETH as collateral (via a collateralized debt position, which I explained earlier). With these 112 WBTC, he went and crashed the price of WBTC on Uniswap (and thereby on Fulcrum), allowing him to profit massively from the short position he had just opened on Fulcrum.

Short position: A technique in financial markets in which you make money when an asset’s price goes down. When you short 112 WBTC, you borrow 112 WBTC from others and sell them now for, let’s say, $10,000 per WBTC (pocketing $1,120,000). But you need to pay back this loan of 112 WBTC later, and when you do, if the price of WBTC has dropped to $9,000 in the meantime, it only costs you 112 * $9,000 = $1,008,000 to pay back your loan. You still have $1,120,000 - $1,008,000 = $112,000 left in your pocket, which is your profit from the short position. You could multiply your profit via leverage, which Fulcrum allows; however, for simplicity’s sake I won’t go into too much detail here. The bottom line is that Joe makes money when the WBTC price goes down and loses money when the WBTC price goes up - but in this case, Joe would use his capital to crash the price on Fulcrum so that he would definitely profit from the short position.

Uniswap: A decentralized exchange. Fulcrum only uses the Uniswap price feed to determine its WBTC price, meaning that to profit from shorting on Fulcrum, one only needs to crash the price of WBTC on one exchange, Uniswap. Crashing the price on Uniswap = crashing the price on Fulcrum.

WBTC: An ERC20 token backed 1-to-1 with real Bitcoins. Similar to WETH, you can think of WBTC as BTC with a much smaller market cap, which makes its price easier to manipulate (perhaps the reason why Joe chose to short it instead of real BTC on Uniswap).

Compound: A decentralized lending platform where you can take out loans of different cryptoassets with CDPs (collateralized debt positions).

Fulcrum: A trading platform built on bZx that allows for margin trading (long/short positions).
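To see why a single Uniswap price feed is a weak point, here is an added example (not code from the original article or from any of the protocols mentioned) that models a constant-product pool with Uniswap's 0.3% swap fee and a simple oracle guard that compares the pool price against an independent reference. The pool reserves, the reference price and the 5% threshold are constructed for illustration; only the 112 WBTC figure comes from the article.

```python
from dataclasses import dataclass

FEE = 0.003  # Uniswap's 0.3% swap fee


@dataclass
class Pool:
    """Constant-product (x * y = k) pool holding WBTC and WETH."""
    wbtc: float
    weth: float

    def spot_price(self) -> float:
        """WETH per 1 WBTC implied by the current reserves."""
        return self.weth / self.wbtc

    def sell_wbtc(self, amount: float) -> float:
        """Swap WBTC into the pool and return the WETH paid out."""
        amount_after_fee = amount * (1 - FEE)
        out = self.weth * amount_after_fee / (self.wbtc + amount_after_fee)
        self.wbtc += amount
        self.weth -= out
        return out


def price_is_sane(pool_price: float, reference_price: float,
                  max_deviation: float = 0.05) -> bool:
    """Accept the pool's spot price only if it stays within max_deviation
    of an independent reference (a second venue or a time-weighted average)."""
    return abs(pool_price - reference_price) / reference_price <= max_deviation


def simulate(wbtc_reserve: float = 300.0, weth_reserve: float = 12000.0,
             sold: float = 112.0, reference: float = 40.0) -> dict:
    """Reserves and reference price are constructed sample values."""
    pool = Pool(wbtc_reserve, weth_reserve)
    before = pool.spot_price()
    accepted_before = price_is_sane(before, reference)
    received = pool.sell_wbtc(sold)
    after = pool.spot_price()
    return {
        "before": before, "after": after, "received": received,
        "drop_pct": 100 * (before - after) / before,
        "accepted_before": accepted_before,
        "accepted_after": price_is_sane(after, reference),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

A platform that reads only the pool's spot price would accept the post-trade value as the market price; the guard rejects it because it has moved far from the reference within a single trade.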

Third Step: Take Profit and Pay Back Loan

Third, with the profit from the short position in step 2, Joe paid back the flash loan and walked away with the rest of the profit, which amounted to a staggering $360,000.

So to recap, Joe first took out $3 million via a flash loan on dYdX as his initial capital. Next, with half of the capital, he opened a short position on WBTC on Fulcrum; with the other half, he crashed the price of WBTC to make sure he profited massively from the short position. Finally, with the new profit, he paid off the flash loan and walked away with a handsome profit.

While nuanced debates around the morality of such practices are needed, one could at least appreciate the accessibility of DeFi - with the emergence of flash loans, literally anyone anywhere in the world can be empowered with a huge sum of capital and participate in the financial market in a nontrivial way.

Disclaimer: If you understand everything in this article, you’ve understood the gist of what happened. Some exact details and numbers may require further investigation; therefore, if you’re interested in EXACTLY what happened, you can read the entire transaction on Etherscan here and the source I referenced while writing this article here.


