Euler Finance has issued a strong warning to the hacker who used flash loan attacks on its protocol to steal $200 million of users' assets. The Euler Finance team stated its willingness to offer a $1 million reward to anyone with information that can help track down and apprehend the attacker, as well as retrieve the funds and return them to their rightful owners.
Euler Finance lost $197 million worth of stETH, wstETH, WBTC, USDC, DAI, and WETH in the exploit. After the hacker's withdrawal, the protocol was left with only a small amount of tokens. One of the first indicators of the attack was a significant increase in borrowing volume on the Euler protocol within an hour.
The attacker used the "DonateToReserves()" feature to deliberately push their own positions into an unhealthy state, which made those positions eligible for liquidation. By liquidating them, the attacker captured both the collateral and the liquidation bonus, resulting in considerable profits.
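The following added example (not Euler's code and not part of the original article) is a simplified accounting model of why a donation function needs a post-operation health check. The class names, the 90% collateral factor, and the account balances are constructed assumptions, and the check shown is one standard lending invariant rather than Euler's actual patch.

```python
from dataclasses import dataclass

CF_BPS = 9_000  # constructed collateral factor (90%), not an Euler parameter


class UnhealthyPosition(Exception):
    """Raised when an operation would leave the account liquidatable."""


@dataclass
class Account:
    collateral: int  # deposit balance, in units of the underlying
    debt: int        # borrowed amount, same units

    def is_healthy(self) -> bool:
        # Healthy while risk-adjusted collateral still covers the debt.
        return self.collateral * CF_BPS >= self.debt * 10_000


class Pool:
    def __init__(self, check_health_after_donate: bool):
        self.reserves = 0
        self.check_health_after_donate = check_health_after_donate

    def donate_to_reserves(self, acct: Account, amount: int) -> None:
        if not 0 < amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        # The donation removes collateral but leaves the debt untouched.
        acct.collateral -= amount
        self.reserves += amount
        if self.check_health_after_donate and not acct.is_healthy():
            # Hardened path: undo the state change and reject the call.
            acct.collateral += amount
            self.reserves -= amount
            raise UnhealthyPosition("donation would make account liquidatable")


def run(check: bool) -> tuple[bool, int, bool]:
    """Return (healthy_after, reserves, rejected) for a constructed account."""
    pool, acct = Pool(check), Account(collateral=100, debt=80)
    try:
        pool.donate_to_reserves(acct, 20)
        rejected = False
    except UnhealthyPosition:
        rejected = True
    return acct.is_healthy(), pool.reserves, rejected


if __name__ == "__main__":
    print("unchecked:", run(False))
    print("checked:  ", run(True))
```

Without the check, the account ends the call in a liquidatable state. With it, the donation is rejected and balances are unchanged.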
Because all of the hacks occurred in the same block, there was no time to take countermeasures against the exploit. However, one possible way to thwart similar attacks in the future is to use Miner Extractable Value (MEV) bots, which can detect and preempt malicious transactions in real time.
Of all the collateral-type tokens on Euler, only USDT and cbETH were not targeted. This appears to be due to their low on-chain liquidity. cbETH has several smaller pools distributed across protocols, and the main USDT pool (3pool on Curve) has been drained of most of its USDT due to the USDC panic over the weekend.
After the attack, the hacker repaid their flash loans from Aave v2 and Balancer and swapped all seized assets to ETH and DAI. The swap from stETH to ETH was large enough to move Curve's stETH pool liquidity composition by nearly 5%.