Euler Finance, a decentralized finance (DeFi) lending protocol on Ethereum, lost about $200 million due to the instant loans hack. This loss makes it the biggest DeFi hack of 2023.
Exploiting $200 million Euler Finance
On March 13, 2023, Euler Finance confirmed that it had been attacked, resulting in approximately $200 million in damage. The protocol is now working with law enforcement and security professionals.
We know and our team is currently working with security professionals and law enforcement. We will post additional information as soon as we have it. https://t.co/bjm6xyYcxf
— Euler Laboratories (@eulerfinance) March 13, 2023
To perform the hack, the attacker targeted four tokens: DAI, an algorithmic stablecoin; wrapped bitcoin (WBTC); staking ethereum (sETH); and USDC, a fiat-backed stablecoin. In recent months, Euler Finance has become popular for offering liquid derivatives (LSD) services. Notably, it is ahead of the Shanghai-Capella update on Ethereum, a smart contract platform.
According to Dedaub, a provider of smart contract auditing services, the attacker used flash loans from Aave, a non-custodial lending protocol, to carry out the attack. Prior to this, funds were first transferred from the BNB Smart Chain (BSC) before they were deployed to the Euler Finance hack.
In an instant loan attack, the attacker borrows a large amount of tokens without collateral, usually using instant credit. They then use that loan to manipulate the value of other tokens in the pool, in most cases driving down the price of the target asset. That being said, they can buy that token at a lower price and quickly sell it back for a profit once the price recovers.
Instant loan attack
In the case of Euler Finance, the quick loan was used on two occasions, leading to mass liquidation. In particular, the attacker tricked the protocol into falsely suggesting that it contains a small amount of eToken, a collateral token issued by Euler based on which token is deposited in the protocol.
They then borrowed ten times the deposit from Euler, receiving 195.6 million eDAI and 200 million dDAI.
🚨 Euler suffered a seizure
Analysis of 1 transactions that shows the attacker’s income of $8.9M+
1. Instant loan
2. Deposit 20 million DAI
3. Like eDAI at 200m
4. Redeem 10M DAI
5. Like eDAI at 200m
6. Donate 100 million eDAI to reserves
7. Liquidate yourself to get 259M eDAI and 38.9M DAI.
8. Close express loan pic.twitter.com/8cjHwDgX3y— Dedaub (@dedaub) March 13, 2023
This type of exploit is known as a liquidity attack. It is also one of the most common types of DeFi hacks.
Essentially, the attackers manipulate the protocol’s liquidity calculations, allowing the attacker to borrow more funds than they should, resulting in huge losses for the protocol and its users.
The Euler hack is the latest of many DeFi exploits that have plagued the industry in recent times. In 2022 alone, more than $3 billion was stolen from DeFi protocols through hacks or exploits, according to analytics firm Chainalysis.
2/ At this rate, 2022 is likely to surpass 2021 as the biggest year of hacks on record. So far, the hackers have made over $3 billion from 125 hacks. pic.twitter.com/vgT3pz2iOu
— Chain Analysis (@chainalysis) October 12, 2022
DeFillama data shows that hackers stole over $20 million in February 2023. Victims include Orion, dForce network and Platypus Finance.
In February, the dForce network lost $3.65 million and Platypus Finance was hacked for over $8 million.
Credit : www.newsbtc.com
