Hello. The decentralized finance protocol Euler Finance suffered a hack which caused a loss of USD 197 million. The hacker stole funds in various cryptocurrencies, including Lido ether staking token stETH, bitcoin token Wrapped BTC (wBTC), and stablecoins USD Coin (USDC) and DAI.
The hacker took advantage of an oversight in the security code in an update that the platform made some time ago to regulate the operation of EToken, which is the most used token on the platform. Because of this, Euler Finance stopped operations with EToken.
No Euler Finance developers realized there was a flaw in the security code until recently; the vulnerability was on-chain for eight months. Today Euler released a statement, but it does not say anything about the funds lost by its users, which is causing much discontent.
On the other hand, Euler Labs, the company behind Euler Finance, released the news that it is seeking the help of researchers from TRM Labs, Chainalysis and "the Ethereum community" to identify the hacker. I think a trace search will be started to see where the stolen funds ended up, according to British and US authorities who were also notified about the case.
In recent years, DeFi protocols have been easy victims for multi-billion dollar thefts, mostly due to security flaws in their code. Compared to other multimillion-dollar robberies, this one came out somewhat cheap: in 2022 the BSC Token Hub (USD 569 million), the Ronin network, from the game Axie Infinity (USD 540 million), and the Solana Wormhole Bridge (USD 340 million) were hacked.
What process did the hacker use?
According to the news that I read, as I mentioned earlier, the hacker took advantage of an error in the security code that allows you to make donations without the account being verified by a KYC process. That is, you could send money under that concept and were free to withdraw money without restriction.
Although the Euler Finance protocol has an automatic liquidation mechanism for the cryptocurrencies that the user uses as collateral when requesting a debt, this normally differs in the case of donations. What the hacker did is take advantage of the fact that the code flaw allowed him to create a bad debt in the form of unsecured leverage by donating his EToken units, without affecting his DToken balance.
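A simplified model of the accounting flaw described above, added here as an illustration and not Euler's contract code. All names (`Account`, `Pool`, `donate_unchecked`, `donate_checked`) are hypothetical, and it assumes collateral and debt are valued 1:1 and that the fix is a solvency check after the donation.

```python
from dataclasses import dataclass

class Undercollateralized(Exception):
    """The action would leave the account with more debt than collateral."""

@dataclass
class Account:
    etokens: int = 0  # collateral units (the page's EToken)
    dtokens: int = 0  # debt units (the page's DToken)

    def bad_debt(self) -> int:
        # Assumption: collateral and debt are valued 1:1, no collateral factor.
        return max(0, self.dtokens - self.etokens)

@dataclass
class Pool:
    reserves: int = 0

    def donate_unchecked(self, acct: Account, amount: int) -> None:
        """Flawed shape: collateral leaves, debt is untouched, solvency is never re-checked."""
        if not 0 < amount <= acct.etokens:
            raise ValueError("invalid amount")
        acct.etokens -= amount
        self.reserves += amount

    def donate_checked(self, acct: Account, amount: int) -> None:
        """Hardened shape: same transfer, then a solvency check with rollback."""
        before = (acct.etokens, self.reserves)
        self.donate_unchecked(acct, amount)
        if acct.bad_debt() > 0:
            acct.etokens, self.reserves = before  # revert, as a failed transaction would
            raise Undercollateralized(f"donation of {amount} leaves unbacked debt")

def demo() -> dict:
    # Constructed sample position: 100 collateral units backing 80 debt units.
    flawed_acct, flawed_pool = Account(100, 80), Pool()
    flawed_pool.donate_unchecked(flawed_acct, 50)

    fixed_acct, fixed_pool = Account(100, 80), Pool()
    try:
        fixed_pool.donate_checked(fixed_acct, 50)
        rejected = False
    except Undercollateralized:
        rejected = True
    return {"flawed_bad_debt": flawed_acct.bad_debt(), "rejected": rejected,
            "fixed_state": (fixed_acct.etokens, fixed_acct.dtokens, fixed_pool.reserves)}
```

The unchecked path ends with debt that no collateral backs, while the checked path rejects the same donation and leaves balances and reserves unchanged.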
Now we just have to wait and see. Capturing the hacker who stole the $197 million through transaction tracking will not be an easy task as long as the hacker doesn't make any other moves within a few years.