Flash Loan Attack attacks in 2021

Flash-loan price manipulation of yUSD let an attacker borrow against $1B in fake collateral and drain $130M from Cream, its third successful exploit of 2021.

$16M drained from DEFI5 and CC10 index pools via a flash-loan exploit of the rebalancing math; the teen attacker mounted a 'code is law' defense in Canada.

$20.7M drained from Popsicle's Sorbetto Fragola pool after flash loans plus share transfers tricked the contract into owing the attacker rewards equal to TVL.

Wault Finance on BNB Chain lost ~$1M when a flash-loan manipulation of WUSD/WEX pricing let the attacker mint and redeem at skewed rates, draining reserves.

Flash loans of $385M manipulated one Belt Finance beltBUSD strategy, distorting share-price calculation to extract $6.23M of $50M total vault losses.

Multiple 2021 exploits (~$680K+) of Merlin Labs on BNB Chain, a yield optimizer whose strategy and reward pricing were repeatedly manipulated via flash loans.

A flash-loan SHARK/BNB price manipulation inflated AutoShark's minted reward, draining ~$745K on BSC in a near-exact replay of the PancakeBunny pattern.

$45M extracted from PancakeBunny when a $704M flash loan manipulated the BUNNY/BNB oracle and minted ~7M BUNNY from thin air; BUNNY fell 95% in minutes.

xToken lost $24M when xSNXa and xBNTa priced from manipulable pools; a flash loan let the attacker mint strategy tokens cheaply and redeem the real underlying.

Spartan Protocol lost $30M on BSC via a flawed liquidity-share calculation, the first major flash-loan attack on BSC and a turning point for its DeFi sector.

Flash loan manipulated TRUNK/BUSD and ELEPHANT pricing in Elephant Money's BNB-Chain buy/sell mechanism, letting attacker mint/redeem for ~$22M at skewed rates.

Flash-loan manipulation of gToken/stkToken pricing in Growth DeFi's yield strategy let an attacker extract ~$1.3M of reserves at skewed rates ('The Big Combo').

A custom 'spell' contract exploited a borrow-share rounding bug to accrue zero shares against real cySUSD debt, draining $37.5M from Alpha Homora and Iron Bank.

Yearn's yDAI vault lost $11M (attacker netted $2.8M) when an 11-tx flash-loan sequence skewed Curve 3pool DAI price, forcing bad cycles. Tether froze $1.7M.