The Ethereum-based lending platform Euler Finance became the victim of a flash loan attack on March 13, in which the attacker stole millions in DAI stablecoins and other cryptocurrencies.
The exploiter conducted several transactions, stealing approximately $197 million, which now stands as the biggest hack of 2023, according to on-chain data posted on Twitter by the Web3 research company Omniscia.
According to reports, the attacker took advantage of vulnerable code to fund the protocol’s reserves and then used those funds to create an unbacked token debt position. As a result, the attacker was able to liquidate these “underwater accounts” and profit from the liquidation bonuses.
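The toy model below is an added example, not Euler's contract code and not part of the original article. It assumes the weakness is a donation path that lowers an account's collateral without the solvency check that other balance changes run, and shows the checked variant rejecting the same call. The class and function names, the single-asset ledger and the 80% borrowing limit are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed single-asset toy model; all names and numbers are assumptions.
MAX_LTV_BPS = 8_000  # debt may be at most 80% of collateral

class Insolvent(Exception):
    """Debt would exceed the account's borrowing limit."""

@dataclass
class Account:
    collateral: int = 0  # deposit balance counted as collateral
    debt: int = 0        # outstanding borrow
    def over_limit(self) -> bool:
        return self.debt * 10_000 > self.collateral * MAX_LTV_BPS

class ToyPool:
    def __init__(self, check_after_donate: bool):
        self.check_after_donate = check_after_donate
        self.reserves, self.accounts = 0, {}

    def _apply(self, who, amount, coll=0, debt=0, res=0, check=True):
        old = self.accounts.get(who, Account())
        new = Account(old.collateral + coll * amount, old.debt + debt * amount)
        if amount <= 0 or new.collateral < 0:
            raise ValueError("bad amount")
        # Solvency invariant on the post-action state, checked before commit.
        if check and new.over_limit():
            raise Insolvent(who)
        self.accounts[who] = new
        self.reserves += res * amount

    def deposit(self, who, amount):
        self._apply(who, amount, coll=+1)
    def borrow(self, who, amount):
        self._apply(who, amount, debt=+1)
    def donate_to_reserves(self, who, amount):
        # The weak variant skips the check every other balance change runs.
        self._apply(who, amount, coll=-1, res=+1, check=self.check_after_donate)
    def underwater(self):  # audit pass: accounts over their limit
        return [w for w, a in self.accounts.items() if a.over_limit()]

def run(check_after_donate: bool):
    pool = ToyPool(check_after_donate)
    pool.deposit("acct", 100)
    pool.borrow("acct", 80)
    try:
        pool.donate_to_reserves("acct", 50)
    except Insolvent:
        pass  # hardened variant rejects; state stays as it was
    return pool.accounts["acct"], pool.reserves, pool.underwater()
```

`run(False)` leaves the account with 50 collateral against 80 debt and lists it as underwater; `run(True)` leaves the ledger untouched.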
The non-custodial lending protocol also confirmed the incident on Twitter, stating that it was aware of it, that its team was coordinating with law enforcement and security experts, and that it would provide more details as soon as they became available.
We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it. https://t.co/bjm6xyYcxf
— Euler Labs (@eulerfinance) March 13, 2023
Euler Finance Takes Steps to Recover Lost Assets
The UK tech startup said it had started investigating the “unlawful extraction of funds” from the protocol. It insisted that its staff had contacted law enforcement authorities, shared information with them, and worked with outside auditors and security companies in an effort to recoup the assets and figure out exactly what had happened.
“Our number one priority is recovering funds for Euler Protocol users, and we are working as hard as we can to make that happen,” it tweeted.
Meanwhile, on March 14, Euler provided an update on the situation and informed its users that the EToken module had been disabled, which blocked deposits and the vulnerable donation function.
The company said that it works with several security teams to audit its protocol and that the vulnerable code had been reviewed and approved during an external audit. The vulnerability, however, was not detected during that review.
An update on our work today to recover funds for Euler protocol users.
Here are a few actions we took immediately:
1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function
2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023
Moreover, the company is said to have engaged TRM Labs, Chainalysis, and other ETH security communities to assist with the investigation and to try to recover assets for users of the Euler protocol. It further asserts that it provided the information to law enforcement in the US and the UK.
DeFi protocol exploits are becoming more prevalent as the crypto industry booms. As recently reported by Crypto Economy, DeFi platforms lost an estimated $21 million to cyber attackers in February 2023. The largest exploit this year, though, is the most recent one, against Euler Finance.