Hackers steal $197 million in crypto in Euler Finance attack

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets.

The cryptocurrency theft involved , including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH.

The ‘ used to store the stolen funds is being tracked, so it will be challenging for the perpetrator to move the stolen funds around and convert them to a usable form.

However,  that the threat actors are already laundering the proceeds through the  cryptocurrency mixer Tornado Cash.

The startup behind Euler Finance, UK-based Euler Labs, shared a brief statement on Twitter, saying that they are currently engaging with security professionals and law enforcement agencies and will release more information when ready.

The attack caused the Euler (EUL) token value to  overnight, going from $6.56 to $3.37 when writing this.

Flash loan attacks exploit a vulnerability in a lending protocol to borrow a large sum of money without having to return its value to the service.

The attackers use an exploit that allows them to manipulate the price of a token or asset on the platform during the few seconds that they hold the lent amount, so when the trade is complete, they are left with a massive profit.

A similar flash loan attack targeted the  in April 2022, when threat actors stole $182 million in assets.

Blockchain security and analytics company  that the hack of Euler was made possible due to the flawed logic in its donation and liquidation system.

More specifically, the function “donateToReserves” did not verify that the attacker was donating an over-collateralized sum, and the liquidation system did not correctly verify the conversion rate from the borrowed to the collateral asset.

Euler code flaw
Euler Finance logic flaw (PeckShield)

These flaws allowed the attackers to manipulate the conversion rate to profit from the liquidation process.

PeckShield says the attack involved two hackers, a borrower and a liquidator, working in coordination to perform the required actions illustrated in the below diagram.

Attack steps performed by the hackers
Attack steps performed by the hackers (PeckShield)

DeFi hacks have been in the past couple of years, with hackers abandoning their efforts to attack exchanges and shifting their focus to the rapid exploitation of logic flaws in crypto lending platform’s smart contracts.

These attacks are so devastating that they can derail overnight a healthy and prosperous company that has already undergone multiple security audits.