Hackers steal nearly $200m from crypto lender Euler Finance

14 Mar 2023

A series of transactions revealed that Euler Finance was the victim of a flash loan attack, with hackers exploiting a vulnerability for profit.

Euler Finance, a UK-based crypto platform, has lost an estimated $197m from hackers exploiting vulnerable code.

The hack was first noticed by blockchain company PeckShield, which sent an ominous tweet to Euler Finance saying that it “may want to take a look” at a series of transactions shown on an analysis platform.

These transactions hinted that Euler Finance was being exploited by a flash loan attack, which is when an attacker exploits a vulnerability to borrow a large sum of money to manipulate the price of tokens, profiting from the changes.

Euler Finance said the attacker “exploited vulnerable code” which allowed it to create an “unbacked token debt position by donating funds to the protocol’s reserves”.

“As a result, the attacker was able to liquidate these underwater accounts and profit from the liquidation bonuses,” Euler Finance said on Twitter.

The company said it stopped the attack “as soon as possible” by disabling the EToken module, which “blocked deposits and the vulnerable donation function”. The company also said it had shared details with US and UK law enforcement.

“We are devastated by the effect of this attack on Euler protocol users and will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can,” Euler Finance said on Twitter.

The company said that the vulnerability had been “on-chain” for eight months before it was exploited, despite a $1m bug bounty being in place.

Despite the large sum stolen, this isn’t the largest DeFi exploit reported. That title still appears to go to Ronin, the gaming-focused blockchain network that was hacked last March.

This hack led to approximately $625m worth of cryptocurrency being stolen. A month later, the US Treasury and FBI linked the incident to the North Korean hacker group Lazarus, which was previously blamed for the notorious WannaCry cyberattack in 2017.

Leigh Mc Gowran is a journalist with Silicon Republic