Share this article
Euler DeFi Protocol Exploited for Nearly $200M
The losses occurred over four transactions in dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH) and USDC after the attacker conducted a flash loan attack.
Updated May 9, 2023, 4:10 a.m. Published Mar 13, 2023, 9:55 a.m.
Make us preferred on Google
Decentralized-finance (DeFi) lending protocol Euler Finance has suffered an exploit that resulted in almost $200 million being lost.
The losses occurred over four transactions in , wrapped bitcoin (WBTC), staked ether (sETH) and USDC, according to smart contract auditor BlockSec. The attacker used a flash loan to conduct the attack.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
"We are aware and our team is currently working with security professionals and law enforcement," Euler Finance said in a tweet. "We will release further information as soon as we have it."
Flash loans allow DeFi users to borrow millions of dollars against zero collateral. This isn’t crypto magic or free money: The loan must be repaid before the transaction ends or the smart contract reverses the transaction – as if the loan never existed. They are a popular way for attackers to gain funds to conduct exploits on decentralized systems. In April 2022, the Beanstalk stablecoin protocol was drained of $182 million, and in May 2022, more than $1.2 million was taken from Inverse Finance.
Euler's attackers used the loan to temporarily trick the protocol into falsely assuming it held a low amount of eToken, a collateral token issued by Euler based on whichever token is deposited on the protocol. A separate dToken, or debt token, is also issued by Euler so that an on-chain liquidation is automatically triggered when the amount of dTokens exceeds the amount of eTokens held on the platform.
The attacker took out over $30 million worth of dai stablecoin using flash loans from DeFi protocols Balancer and Aave, on-chain data shows. Some $20 million of that was sent to Euler, on which the attacker received $19.5 million worth of eDAI.
The attacker then borrowed 10 times the deposited amount from Euler, receiving 195.6 million eDAI and 200 million dDAI. The attacker repaid part of the initial debt using the remaining funds, tricking the protocol into falsely assuming it owed more to depositors than it held.
5/7
— Igor Igamberdiev (@FrankResearcher) March 13, 2023
7) Donate 10x of repaid funds using donateToReserves() => sent 100M eDAI to Euler
Liquidator:
8) Liquidate a violator’s account using liquidate() because eDAI < dDAI => received 310M eDAI and 259M dDAI of debt from the violator pic.twitter.com/JTHrPTY2Gt
DeFi exploits – in which hackers make use of the open-source nature of a platform's code to gain unauthorized access to its assets – are one of the foremost problems plaguing the industry.
According to blockchain analytics firm Chainalysis, over $3 billion was stolen from DeFi protocols via hacks or exploits in 2022.
Read more: Oasis Exploits Its Own Wallet Software to Seize Crypto Stolen in Wormhole Hack
UPDATE (March 13, 10:10 UTC): Adds comment from Euler Finance and information on the nature of exploits and their prevalence in the DeFi industry
UPDATE (March 13, 12:15 UTC): Updates amount taken in headline, first paragraph; adds attack vector in second paragraph, attack details starting in fifth.
More For You
Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.
What to know:
Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.
The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.
More For You
World token jumps 27% as Sam Altman reportedly eyes a biometric social network to kill off bots
The WLD token surged after Forbes reported that Sam Altman's OpenAI is planning to use Worldcoin to fight bots online.
What to know:
- World’s WLD token jumped sharply on Wednesday after a Forbes report said Sam Altman’s OpenAI is exploring a biometric social network to combat online bots.
- The report said OpenAI has considered using Apple’s Face ID or World’s iris-scanning Orb device to verify human users, though no formal partnership between OpenAI and World has been confirmed.
- World Network, which has raised $135 million and says it has verified millions of people, is pitching its World ID system as a privacy-focused way to prove personhood online even as it faces regulatory scrutiny in countries such as Kenya and the U.K.
Top Stories
