CompaniesGlobal News

Largest Hack of 2023: Euler Finance Suffers Massive $196M Loss in Flash Loan Attack

Photo of News Desk News Desk Send an email 20 March 2023
2 minutes read

On March 13th, Euler Finance, a lending protocol on the Ethereum blockchain, experienced a flash loan attack, resulting in the theft of millions worth of Dai, USDC, Staked Ether (StETH), and Wrapped Bitcoin (WBTC).

Using multiple transactions, the attacker has managed to steal almost $196 million, making it the largest hack of 2023 so far, according to on-chain data.

According to Cointelegraph, the breakdown of stolen funds is as follows: 

Crypto analytics firm Meta Seluth reported that the recent attack on Euler Finance is linked to a similar deflation attack that occurred a month ago.

The attacker used a multichain bridge to transfer the stolen funds from Binance Smart Chain to Ethereum and carried out the attack.

Another on-chain investigator, ZachXBT, noted that the attack bears similarities to a previous hack that targeted a Binance Smart Chain-based protocol. The stolen funds are now in the hacker’s addresses and include Dai and ETH.

Euler Finance confirmed the breach and announced that they are collaborating with law enforcement and security professionals to find a solution to the issue.

Slowmist, a blockchain security firm, conducted a thorough analysis of the attack and concluded that the attacker utilized flash loans to deposit funds and then used them twice to initiate liquidation.

The funds were then donated to the reserved address and a self-liquidation was carried out to claim any remaining assets. Two factors enabled the exploit to be successful.

Based on Cointelegraph’s data, firstly, the funds were transferred to the reserved address without undergoing a liquidity check, which activated a soft liquidation process.

Secondly, the high leverage triggered the soft liquidation process, allowing the attacker to take most of the collateral funds from the liquidated user’s account by transferring only a portion of the liabilities to themselves.

According to Gustavo Gonzalez, a solutions developer at blockchain security firm OpenZeppelin, the flash loan attack on Euler Finance was executed in a single transaction per pool using AAVE.

Gonzalez explained that a smart contract bug in Euler Finance failed to conduct a health factor check during the donateToReservers() function execution. This allowed the attacker to liquidate themselves from the protocol, repay the flashloan, and earn a massive profit.

It is worth noting that Euler Finance had raised $32 million from a funding round last year, which included participation from Coinbase, FTX, Jump, Jane Street, and Uniswap.

Euler Finance had become popular for providing liquid staking derivatives (LSDs), which enable stakers to maximize their returns by unlocking liquidity for staked cryptocurrencies like Ether.

At present, LSDs account for 20% of the total value locked in decentralized finance protocols.

Tags
Photo of News Desk News Desk Send an email 20 March 2023
2 minutes read
Photo of News Desk

News Desk

UNLOCK Blockchain News Desk is fueled by a passionate team of young individuals deeply immersed in the world of Blockchain and Crypto. Our mission? To keep you, our loyal reader, on the cutting edge of industry news. Drop us a line at info(@)unlock-bc.com to connect with our team and stay ahead of the curve!

Related Articles

Crypto News Consensys sues SEC for Ethereum

Consensys Strikes Back: Lawsuit Against SEC to Safeguard Ethereum Ecosystem

26 April 2024
FBI warning on Crypto US crypto News

FBI Issues Warning Amidst US Crypto Regulatory Crackdown

26 April 2024
Blockchain and Crypto News MENA UAE

Ensuring Privacy: Dr. Joachim Nagel’s Commitment to Trust in the Digital Euro

25 April 2024
Blockchain & Crypto News ADGM

ADGM and Hacken Partner to Elevate Blockchain Security Standards

24 April 2024
© Copyright 2024 The Unlock Company DMCC
Back to top button
Please enter CoinGecko Free Api Key to get this plugin works.