DeFi Platform Euler Finance Surfers $200,000,000 Crypto Exploit

The scammer got away with at least $197 million from Euler Finance. According to reports, the attacker obtained a number of crypto assets using flash loans.

• What – Euler Finance has lost about $197 million in stETH, DAI, WBTC, and USDC to a vulnerability attack

• Why – The attack was executed using flash loans which tricked the protocol until it allowed the hacker to withdraw the crypto.

• What Next – Peckshield reported that some of the stolen amounts is currently being laundered on Tornado Cash.

Euler Finance, a decentralized finance (DeFi) platform, was hacked and suffered a loss of $196.9 million as detailed by BlockSec’s audit. 

According to the data provided by BlockSec, the hacker made away with $135.8 million worth of Staked Ethereum (stETH),$8.7 million in the decentralized stablecoin DAI,$18.5 million in Wrapped Bitcoin (WBTC), and $33.8 million in Circle’s USDC stablecoin. 

The attack was flagged by PeckShield, a blockchain monitoring firm, to which Euler Finance responded saying, “We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it.”

The attack was carried out through a flash loan which is meant to allow users to borrow loans in the millions with zero collateral. However, the money is not free. Before the transaction is complete, the loan must be repaid, or else the smart contract cancels the transaction and treats it as though the loan never was never granted. 

Over recent years, flash loans have become a common way for hackers to raise funds to attack decentralized systems. Through this method, the Beanstalk stablecoin protocol lost $182 million in April 2022, and Inverse Finance lost more than $1.2 million in May 2022.

What Happened In The Euler Finance Attack?

The loan was utilized by the hacker to temporarily deceive the Euler finance protocol into believing it had a small quantity of eToken, a collateral token that the DeFi platform issues based on the amount of crypto that is deposited on the system. When the number of dTokens, debt tokens, produced by Euler exceeds the number of eTokens held on the platform, an on-chain liquidation will be initiated immediately, which is what happened in this case.

On-chain data reveals that the attacker borrowed more than $30 million worth of DAI stablecoin using flash loans from the DeFi protocols Balancer and Aave. Of the total, about $20 million was routed to Euler, which enabled the hacker to receive $19.5 million worth of eDAI.

The attacker then obtained 195.6 million eDAI and 200 million dDAI by borrowing from Euler 10 times the amount that had been deposited. With the remaining funds, the attacker partially satisfied the initial debt, tricking the protocol into believing it owed more to depositors than it actually did.

The hacker borrowed again and then finally made a donation to Euler. With this, the collateral funds seemed to exceed the value of liabilities which helped the attacker to pass the liquidity check and thus was allowed to withdraw the remaining funds. 

4/7

4) Borrow 10x of deposited amount using mint() => received 195.6M eDAI and 200M dDAI from Euler

5) Repay part of debt using the remaining 1/3 of funds using repay() => sent 10M DAI and burned 10M dDAI

6) Repeat 4th step => received 195.6M eDAI and 200M dDAI from Euler pic.twitter.com/pAAnqpUwYJ

— Igor Igamberdiev (@FrankResearcher) March 13, 2023

PeckShield revealed that the weakness was in the “donateToReserve” function on the DEFi platform’s smart contract which with the wrong conversion resulted in liquidation. 

2/ The hack is made possible due to the flawed logic its donation and liquidation. Specifically, the donateToReserves needs to ensure the donator is still over-collateralized. And liquidation needs to ensure the *correct* conversion rate from borrow to collateral asset. pic.twitter.com/dsHUP1orRP

— PeckShield Inc. (@peckshield) March 13, 2023

Is there hope?

The platform’s telegram and discord channels are in chaos with investors questioning what transpired with some asking whether there is any hope for recovery of the funds. 

However, any chances of recovery are diminishing since PeckShield stated that part of the attack’s proceeds has already been laundered using Tornado Cash, a US-sanctioned platform that enabled users to hide their transactional history.

Additionally, based on market data from Euler, there are only about $200 in WBTC  and $208 in USDC left in the lending market. The DAI and stETH markets were both emptied. However, the markets pages now display an error.

As a result of this exploit, EUL, the native token of the DeFi project, has dropped 50%.

Related News:

• Saudi NFT Marketplace Nuqtah Raises Seed Funding From Animoca Brands And Polygon

• National Australia Bank Makes Its First Ever Cross-border Stablecoin

• How to Buy Cryptocurrencies