Hackers Steal $197 Million in Crypto in Euler Finance Attack

The Euler Finance lending protocol was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million worth of multiple digital assets.

The cryptocurrency theft involved multiple tokens, including $8.75 million in DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH.

The attacker’s ETH wallet used to store the stolen funds is being tracked, so it will be a challenge for the perpetrator to move the stolen funds and convert them into a usable form.

However, Elliptic reports that threat actors are already laundering the proceeds through licensed cryptocurrency mixer Tornado Cash.

The UK-based startup behind Euler Finance, Euler Labs, shared a short statement on Twitter, saying they are currently engaging with security professionals and law enforcement agencies and will release more information when ready.


The attack caused the value of the Euler Token (EUL) to drop 44.2% overnight, from $6.56 to $3.37 as of this writing.

Flash loan attacks exploit a vulnerability in a lending protocol to borrow a large sum of money without having to return its value to the service.

The attackers use an exploit that allows them to manipulate the price of a token or asset on the platform during the few seconds they have the amount borrowed, so when the trade is complete, they make a huge profit.

A similar flash loan attack targeted the Beanstalk DeFi platform in April 2022, when threat actors stole $182 million worth of assets.

Blockchain security and analytics company PeckShield reported that the Euler hack was possible due to faulty logic in its donation and settlement system.

More specifically, the “donateToReserves” function did not verify that the attacker was donating an overcollateralized sum, and the settlement system did not correctly verify the conversion rate from loan to collateral.

[Figure: Euler Finance logic error (PeckShield)]

These flaws allowed attackers to manipulate the conversion rate to profit from the settlement process.
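
The missing check described above, as an added example that is not Euler's code or PeckShield's: a simplified Python model of a lending market in which a donation shrinks the donor's collateral, shown with and without a post-donation health check. Only the donateToReserves name comes from the article; the Market and Account classes, the 90% collateral factor and all balances are assumptions constructed for illustration.

```python
from dataclasses import dataclass

class Unhealthy(Exception):
    """An action would leave the account under-collateralized."""

@dataclass
class Account:
    collateral: int  # deposit balance, constructed units
    debt: int        # borrowed balance, constructed units

class Market:
    COLLATERAL_FACTOR_BPS = 9000  # assumed: collateral backs debt at 90%

    def __init__(self, check_health_on_donate):
        self.check_health_on_donate = check_health_on_donate
        self.reserves = 0
        self.accounts = {}

    def is_healthy(self, who):
        a = self.accounts[who]
        return a.collateral * self.COLLATERAL_FACTOR_BPS >= a.debt * 10_000

    def donate_to_reserves(self, who, amount):
        a = self.accounts[who]
        if not 0 < amount <= a.collateral:
            raise ValueError("bad amount")
        a.collateral -= amount
        self.reserves += amount
        # The check the vulnerable path skips: re-validate the donor's
        # position after its collateral shrinks, and revert if it fails.
        if self.check_health_on_donate and not self.is_healthy(who):
            a.collateral += amount
            self.reserves -= amount
            raise Unhealthy(who)

def try_donation(check_health_on_donate, amount=500):
    """Return (donation_accepted, account_healthy_afterwards)."""
    m = Market(check_health_on_donate)
    m.accounts["borrower"] = Account(collateral=1000, debt=800)  # constructed
    try:
        m.donate_to_reserves("borrower", amount)
        accepted = True
    except Unhealthy:
        accepted = False
    return accepted, m.is_healthy("borrower")

if __name__ == "__main__":
    print("no check  :", try_donation(False))
    print("with check:", try_donation(True))
```

Without the check, the donation is accepted and the account ends up under-collateralized; with it, the same donation is rejected and the balances are restored.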

PeckShield says that the attack involved two hackers, a borrower and a liquidator, who worked in coordination to perform the required actions illustrated in the diagram below.

[Figure: Attack steps performed by hackers (PeckShield)]

DeFi hacks have increased in the past two years, with hackers abandoning their efforts to attack exchanges and shifting their focus to rapidly exploiting logical flaws in crypto-lending platforms' smart contracts.

These attacks are so devastating that they can derail, overnight, a healthy and thriving company that has already undergone multiple security audits.


James D. Brown