Ethereum-based crypto lending protocol Euler Finance has suffered a hacker attack, resulting in a loss of almost $197 million in crypto.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
According to data from an analytical research firm BlockSec, the hacker drained over $8.8 million in DAI, over $135.8 million in tokenized ether (stETH), more than $33.8 million in USDC and other altcoins. A spokesperson for Euler has confirmed the attack, saying the team is "working with security professionals and law enforcement."
After the news broke, Euler's native toke EUL plunged over 50% to $2.9, according to data from CoinGecko.
Officially, it is unclear how exactly the bad actor managed to steal the funds. However, BlockSec claims the hacker succeeded in the attack due to the lack of liquidity check in the function donateToReserves().
The attack scheme is explained as follows. The hacker used a flash loan of 20 million in DAI to get 20 million in tokenized eDAIc. However, given the protocol enables leveraging borrow, the attacker minted 195 million in eDAI and 200 million in dDAI.
Later, 10 million in eDAI debt was repaid, which means the attacker got 215 million in eDAI and 190 million in dDAI. This manipulation allowed the hacker to repeat the deposit scheme several times, bringing the total holdings to 410 million in eDAI and 390 million in dDAI. After that, the attacker invoked the function donateToReserve() to donate 100 million eDAI. During the process of the code execution, the attacker liquidates himself, generating 38 million in eDAI profits, BlockSec concluded.
Founded in 2020, Euler Finance raised a total of $40 million from over 20 investors, including the now-bankrupt crypto exchange FTX, Coinbase, Jane Street, Jump Crypto and others.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange