- Euler Finance loses over $196M in what is to be the biggest hack attack yet in 2023.
- The hacker used flash loans to deposit funds and leveraged them twice to kickstart the liquidation logic.
- Euler Finance is attempting to recover stolen funds.
Euler Finance experiences what is to be the most significant hack attack yet in 2023, losing over $196M.
On March 13, the tragic news of Euler Protocol Finance being hacked was announced by several on-chain sleuths who described how the hacker could cart away so many digital assets belonging to Euler Finance. The Ethereum-based non-custodial lending protocol lost over $195 million in DAI, USDC, WBTC (Wrapped Bitcoin), and StETH (Stake Ether).
How Did The Attack Happen?
Slowmist, a blockchain security firm, documented how the exploit was launched on Euler. The hacker used flash loans to deposit funds and then leveraged them twice to spur the liquidation logic. He donated the funds to a reserved address and conducted a self-liquidation to withdraw the leftover assets.
According to Slowmist, two main factors contributed to the successful exploitation of Euler Finance. Firstly, the funds donated to a reserved address were not subjected to a liquidity check which triggered soft liquidation. Secondly, the weak liquidation logic was initiated by high leverage, which increased the yield value and enabled the liquidator to acquire most of the collateral funds from the liquidated user’s account by moving a portion of the liabilities to themselves.
Meta Sleuth, a crypto analytic firm, took to Twitter to explain how multiple attacks were carried out on the lending protocol, leading to the loss of digital assets.
Meta Sleuth said two hackers executed the malicious deeds by launching six attack transactions. The analytic firm also confirmed that the attacks correlated with a deflation attack last month.
Meta Sleuth stated that the hacker used a multichain bridge to move the funds from the BNB Smart Chain (BSC) to Ethereum before launching the attack yesterday.
Famous on-chain detective, ZachXBT, weighed in, detailing his findings about the Euler exploit. ZachXBT claimed that the attack was made by black hats allegedly using some protocol on BSC a few weeks ago before depositing the funds into Tornado Cash, a crypto mixer.
Euler’s Response To The Attack
After being tagged by on-chain sleuths and conducting its investigation, Euler Finance confirmed that it had been hacked and was working towards researching how it happened and how to retrieve its stolen funds.
In a recent update, Euler announced that it had taken a few actions regarding the exploit. The crypto firm stated that it had halted the direct attack by disabling the EToken module, which blocked deposits and the vulnerable donations function. It engaged Chainalysis, TRM Labs, and the ETH security community to assist with investigating and retrieving funds. Lastly, it also informed the UK and US law enforcement agencies.
Conclusion
Euler Finance is the latest in the crypto industry to witness a massive loss of funds in 2023 due to an exploit. The firm is in talks with those willing and able to help retrieve the stolen funds. It has also contacted those responsible for the attack for more information on recovering the funds.
