Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Euler Finance has sent a stern warning to the hacker who stole $200 million of users' funds by using flash loan attacks on the protocol. The team behind Euler Finance has announced that it is ready to put up a $1 million bounty on the hacker for any information that will lead to the arrest of the attacker and return of the funds to the rightful owners.
The announcement comes after Euler Finance was exploited for $197 million in stETH, wstETH, WBTC, USDC, DAI and WETH. After the hacker's withdrawal, the protocol was left with very few tokens. One of the initial red flags was a massive spike in borrowing volume within an hour in the Euler protocol.
1/10 The recent exploit of Euler protocol caused the loss of $197M worth of stETH, wstETH, WBTC, USDC, DAI, and WETH. Let's examine the initial red flags of the exploit and how it was executed by using the Risk Radar for Euler: https://t.co/rO5rRIU2Rm #EulerFinance
— IntoTheBlock (@intotheblock) March 13, 2023
The hacker used the "DonateToReserves()" function to intentionally put their positions underwater, allowing them to liquidate their positions. By doing so, the hacker was able to seize both the collateral and the liquidation bonus, resulting in significant gains for the attacker.
All of the hacks took place in the same block, making it challenging to prevent the exploit, as there was no time for any countermeasures to be implemented. However, one potential solution for future attacks of a similar nature is the use of Miner Extractable Value (MEV) bots, which are able to detect and front-run malicious transactions in real time.
Out of all the collateral-type tokens on Euler, only USDT and cbETH were not targeted. This appears to be due to the low liquidity on-chain. cbETH has several smaller pools distributed across protocols, and the main USDT pool (3pool on curve) has been exhausted of most of its USDT due to the USDC panic over the weekend.
After the attack, the hacker paid off their flashloans from Aave v2 and Balancer and swapped all seized assets to ETH and DAI. The swap from stETH to ETH was large enough to move Curve's stETH pool liquidity composition by nearly 5%.
Godfrey Benjamin
Yuri Molchan
