- Attacker borrowed 10 times what he had deposited, got 200M dDAI and 195.6M eDAI
- More than $3B was stolen from DeFi protocols via exploits or hacks in 2022
DeFi lender Euler Finance is offering a reward of $1 million for any information about the exploiter behind a flash loan attack, which incurred losses of almost $200 million to the protocol, CoinDesk reported.
Euler developers informed that they would offer the reward unless 90% of the stolen funds were returned in the next 24 hours.
On March 13, the lending protocol suffered an exploit consisting of four transactions in USD Coin, the stablecoin Dai, wrapped bitcoin (WBTC), and staked ether (sETH).
The exploiter conducted the attack by means of a flash loan.
What is a flash loan?
A flash loan is a type of loan that is provided instantly, without any collateral, and is repaid within the same transaction block. It is a DeFi tool that allows users to borrow large amounts of cryptocurrency as long as they can pay back the loan within the same block.
Flash loans are made possible by smart contracts, which execute the loan automatically if certain conditions are met. They offer users quick access to large amounts of liquidity, which they can use for a variety of purposes, such as arbitrage, trading, or collateral swapping.
Flash loans also carry a high level of risk, as the entire loan must be repaid within the same transaction block, or the transaction will be invalidated. They are often used for malicious purposes, such as manipulating the market or stealing funds. Chainalysis data shows cybercriminals stole more than $3 billion from DeFi protocols via exploits or hacks last year.
Anatomy of the attack
The attacker managed to trick Euler into thinking they held very little eToken, which is Euler’s collateral token, and more dToken, Euler’s debt token. Euler issues dToken to trigger on-chain liquidation when the platform holds more dTokens than eTokens.
The exploiter took out a loan of more than $30 million in Dai using flash loans from Aave and Balancer. He sent Euler $20 million of that, getting $19.5 million worth of eDAI in return.
Then, he borrowed 10 times what he had deposited, obtaining 200 million dDAI and 195.6 million eDAI. He used the funds left over to repay a portion of the initial debt, misleading Euler to believe it owed depositors more than it held.