Security & Audits
Share
On March 13th, Euler Finance, a lending protocol on the Ethereum blockchain, experienced a flash loan attack, resulting in the theft of millions worth of Dai, USDC, Staked Ether (StETH), and Wrapped Bitcoin (WBTC).
Using multiple transactions, the attacker has managed to steal almost $196 million, making it the largest hack of 2023 so far, according to on-chain data.
According to Cointelegraph, the breakdown of stolen funds is as follows:
Crypto analytics firm Meta Seluth reported that the recent attack on Euler Finance is linked to a similar deflation attack that occurred a month ago.
The attacker used a multichain bridge to transfer the stolen funds from Binance Smart Chain to Ethereum and carried out the attack.
Another on-chain investigator, ZachXBT, noted that the attack bears similarities to a previous hack that targeted a Binance Smart Chain-based protocol. The stolen funds are now in the hacker's addresses and include Dai and ETH.
Euler Finance confirmed the breach and announced that they are collaborating with law enforcement and security professionals to find a solution to the issue.
Slowmist, a blockchain security firm, conducted a thorough analysis of the attack and concluded that the attacker utilized flash loans to deposit funds and then used them twice to initiate liquidation.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
The funds were then donated to the reserved address and a self-liquidation was carried out to claim any remaining assets. Two factors enabled the exploit to be successful.
Based on Cointelegraph's data, firstly, the funds were transferred to the reserved address without undergoing a liquidity check, which activated a soft liquidation process.
Secondly, the high leverage triggered the soft liquidation process, allowing the attacker to take most of the collateral funds from the liquidated user's account by transferring only a portion of the liabilities to themselves.
According to Gustavo Gonzalez, a solutions developer at blockchain security firm OpenZeppelin, the flash loan attack on Euler Finance was executed in a single transaction per pool using AAVE.
Gonzalez explained that a smart contract bug in Euler Finance failed to conduct a health factor check during the donateToReservers() function execution. This allowed the attacker to liquidate themselves from the protocol, repay the flashloan, and earn a massive profit.
It is worth noting that Euler Finance had raised $32 million from a funding round last year, which included participation from Coinbase, FTX, Jump, Jane Street, and Uniswap.
Euler Finance had become popular for providing liquid staking derivatives (LSDs), which enable stakers to maximize their returns by unlocking liquidity for staked cryptocurrencies like Ether.
At present, LSDs account for 20% of the total value locked in decentralized finance protocols.
Editor's Picks
Crypto-Collateral Mortgage Gap Signals Future Opportunity for Dubai
Walid Abou Zaki
Mar 28, 2026
7 min
The UAE’s Institutional Digital Assets Moment: Why Regulatory Activation Matters Now
Walid Abou Zaki
Mar 27, 2026
6 min
Bitcoin, Hashrate, and Why High Energy Prices Will Expose Mining Survivors
Walid Abou Zaki
Mar 26, 2026
7 min
Read More Articles
In the Same Space
Crypto-Collateral Mortgage Gap Signals Future Opportunity for Dubai
Walid Abou Zaki
Mar 28, 2026
7 min
The UAE’s Institutional Digital Assets Moment: Why Regulatory Activation Matters Now
Walid Abou Zaki
Mar 27, 2026
6 min
Strategic MoU Signed by Fuze and Miden to Advance Regulated Digital Assets in Banking
News Desk
Mar 27, 2026
3 min
16th Global Blockchain Congress Postponed Amid Focus on Safety and Experience
News Desk
Mar 27, 2026
1 min
