- The chances of the hacker returning the whole amount are slim to none
- Euler was hacked despite 10 audits in two years
The recent attack that cost Euler Finance $197 million was the biggest decentralized finance (DeFi) hack so far this year. The hacker has started returning the money, however, so this may soon change.
On Saturday, March 18, the hacker sent around 3,000 ether ($5.4 million) to Euler Finance’s deployer address from his own, CoinTelegraph wrote. Blockchain sleuth PeckShield reported that he had sent the funds in three transactions of 1,000 ether each.
Hacker not likely to return the full amount
The chances of the hacker returning the whole amount are slim to none. At the time of publication, no more transactions had taken place.
On March 16, the lending platform announced a $1 million bounty to find the hacker and get the stolen money back. The funds were moved into Tornado Cash soon after the reward was announced.
Ingenious attack perpetrated via flash loan
The hacker perpetrated an ingenious flash loan attack on March 13. Michael Bentley, CEO of Euler Labs, described the days following the attack as “the hardest” in his life in a series of tweets on March 17.
The lending protocol suffered an exploit consisting of four transactions inUSD Coin, the stablecoin Dai, wrapped bitcoin (WBTC), and staked ether (sETH).
The exploiter tricked Euler into thinking they held very little eToken, which is Euler’s collateral token, and more dToken, Euler’s debt token. Euler issues dToken to trigger on-chain liquidation when the platform holds more dTokens than eTokens.
Platform was hacked despite 10 audits in two years
Before losing the $196 million in the attack, Euler Finance had been classified as “nothing higher than low risk” by several auditors. The lending protocol underwent ten different audits, carried out by six independent firms over a period of two years.
It was deemed to have “no outstanding issues.” A user even tweeted it had “always been a security-minded platform.”