This Is How A Hacker Stole Roughly $200 Million From Euler Finance, A DeFi Protocol

Euler Finance, a decentralized finance (DeFi) lending protocol on Ethereum, lost about $200 million in a flash loan attack. This loss makes it the biggest DeFi hack of 2023.

The $200 million Euler Finance exploit

On March 13, 2023, Euler Finance confirmed that it had been attacked, resulting in approximately $200 million in damage. The protocol is now working with law enforcement and security professionals.

To carry out the hack, the attacker targeted four tokens: DAI, an algorithmic stablecoin; wrapped bitcoin (WBTC); staked ethereum (sETH); and USDC, a fiat-backed stablecoin. In recent months, Euler Finance has become popular for offering liquid staking derivatives (LSD) services, notably ahead of the Shanghai-Capella upgrade on Ethereum, a smart contract platform.

According to Dedaub, a provider of smart contract auditing services, the attacker used flash loans from Aave, a non-custodial lending protocol, to carry out the attack. Prior to this, funds were first transferred from the BNB Smart Chain (BSC) before being deployed in the Euler Finance hack.

In a flash loan attack, the attacker borrows a large amount of tokens without collateral, usually through a flash loan. They then use that loan to manipulate the value of other tokens in a pool, in most cases driving down the price of the target asset. They can then buy that token at the lower price and quickly sell it for a profit once the price recovers.

Flash loan attack

In the case of Euler Finance, the flash loan was used on two occasions, leading to mass liquidation. In particular, the attacker tricked the protocol into falsely assuming that it held a small amount of eToken, a collateral token that Euler issues according to which token is deposited in the protocol.

They then borrowed ten times the deposit from Euler, receiving 195.6 million eDAI and 200 million dDAI.

This type of exploit is known as a liquidity attack. It is also one of the most common types of DeFi hacks.

Essentially, the attacker manipulates the protocol's liquidity calculations, which lets them borrow more funds than they should and results in huge losses for the protocol and its users.
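A defender-side check for the failure described above, as an added example that is not taken from the article or from Euler's code: replay a ledger of account operations and flag every operation that leaves an account's debt above its collateral-backed borrow limit. The operation names, the 0.9 collateral factor and the sample events are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: one collateral factor for the whole market (real protocols set it per asset).
COLLATERAL_FACTOR = Decimal("0.9")

@dataclass
class Account:
    collateral: Decimal = Decimal(0)  # value of collateral tokens held (eToken-like)
    debt: Decimal = Decimal(0)        # value of debt tokens owed (dToken-like)

def borrow_limit(acct: Account) -> Decimal:
    return acct.collateral * COLLATERAL_FACTOR

def is_healthy(acct: Account) -> bool:
    return acct.debt <= borrow_limit(acct)

# Hypothetical operation names mapped to (collateral delta sign, debt delta sign).
OPS = {"deposit": (1, 0), "withdraw": (-1, 0), "borrow": (0, 1), "repay": (0, -1)}

def replay(events):
    """Apply (account, op, amount) events in order and return every event
    after which the account was under-collateralised."""
    accounts, violations = {}, []
    for index, (name, op, amount) in enumerate(events):
        if op not in OPS:
            raise ValueError(f"unknown operation: {op}")
        acct = accounts.setdefault(name, Account())
        c_sign, d_sign = OPS[op]
        acct.collateral += c_sign * Decimal(amount)
        acct.debt += d_sign * Decimal(amount)
        # The invariant must hold after every state change, including
        # operations that only reduce collateral and never touch debt.
        if not is_healthy(acct):
            violations.append({"index": index, "account": name, "op": op,
                               "collateral": acct.collateral, "debt": acct.debt})
    return violations

# Constructed sample ledger: "bob" shrinks his collateral after borrowing.
SAMPLE_EVENTS = [
    ("alice", "deposit", "100"), ("alice", "borrow", "80"),
    ("bob", "deposit", "20"), ("bob", "borrow", "15"),
    ("bob", "withdraw", "10"),
]

if __name__ == "__main__":
    for v in replay(SAMPLE_EVENTS):
        print(v)
```

A protocol enforces the same invariant on-chain by reverting any operation that fails it; the replay form is useful for monitoring or for testing that no sequence of operations can bypass the check.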

The Euler hack is the latest of many DeFi exploits that have plagued the industry in recent times. In 2022 alone, more than $3 billion was stolen from DeFi protocols through hacks or exploits, according to analytics firm Chainalysis.

DeFiLlama data shows that hackers stole over $20 million in February 2023. Victims include Orion, dForce network and Platypus Finance.

In February, the dForce network lost $3.65 million and Platypus Finance was hacked for over $8 million.


