Euler Finance, a decentralized finance (DeFi) lending protocol on Ethereum, has misplaced roughly $200 million by means of a flash mortgage hack. This loss makes it the largest DeFi hack in 2023.
Euler Finance’s $200 Million Exploit
On Mar. 13, 2023, Euler Finance confirmed that it had suffered an assault, leading to roughly a $200 million loss. The protocol is now working with legislation enforcement and safety professionals.
We’re conscious and our crew is at present working with safety professionals and legislation enforcement. We’ll launch additional data as quickly as we’ve it. https://t.co/bjm6xyYcxf
— Euler Labs (@eulerfinance) March 13, 2023
To execute the hack, the attacker focused 4 tokens: DAI, an algorithmic stablecoin; wrapped-Bitcoin (WBTC); staked-Ethereum (sETH); and USDC, a fiat-backed stablecoin. In latest months, Euler Finance has change into common for providing liquid staking derivatives (LSD) providers. Notably, it comes forward of the Shanghai-Capella improve on Ethereum, a wise contract platform.
In keeping with Dedaub, a wise contract auditing service supplier, the attacker used flash loans from Aave, a non-custodial lending protocol, to hold out the assault. Forward of this, funds had been first bridged from BNB Sensible Chain (BSC) earlier than it was deployed to interrupt Euler Finance.
In a flash mortgage assault, the attacker borrows a big token quantity with out collateral, usually utilizing a flash mortgage. Afterward, they use that mortgage to govern different tokens’ worth in a pool, generally driving down the value of the goal asset. With this, they will purchase that token at a lower cost and rapidly promote it again for a revenue as soon as the value recovers.
The Flash Mortgage Assault
In Euler Finance’s case, the flash mortgage was leveraged in two situations forcing huge liquidations. Particularly, the attacker tricked the protocol into falsely assuming it held a low quantity of eToken, a collateral token issued by Euler based mostly on whichever token is deposited on the protocol.
They then borrowed 10x the deposited quantity from Euler, receiving 195.6 million eDAI and 200 million dDAI.
🚨 Euler suffered an assault
Analyzing 1 tx that reveals an $8.9m+ return for the attacker
1. Flash mortgage
2. Deposit 20m DAI
3. Mint 200m eDAI
4. Repay 10m DAI
5. Mint 200m eDAI
6. Donate 100m eDAI to reserves
7. Liquidate your self for 259m eDAI yields 38.9m DAI
8. Shut flashloan pic.twitter.com/8cjHwDgX3y— Dedaub (@dedaub) March 13, 2023
Such a exploit is named a liquidity assault. It’s additionally probably the most widespread sorts of DeFi hacks.
Primarily, attackers manipulate the protocol’s liquidity calculations, which permits the attacker to borrow extra funds than they need to be capable of, resulting in huge losses for the protocol and its customers.
The Euler hack is the newest in lots of DeFi exploits which have plagued the business lately. In keeping with blockchain analytics agency Chainalysis, over $3 billion was stolen from DeFi protocols by way of hacks or exploits in 2022 alone.
2/ At this fee, 2022 will probably surpass 2021 as the largest 12 months for hacking on file. To date, hackers have grossed over $3 billion {dollars} throughout 125 hacks. pic.twitter.com/vgT3pz2iOu
— Chainalysis (@chainalysis) October 12, 2022
DeFiLlama data reveals hackers stole over $20 million in February 2023. Amongst these focused embrace Orion, dForce community, and Platypus Finance.
In February, the dForce community misplaced $3.65 million, whereas Platypus Finance was hacked for over $8 million.
Function Picture From Canva, Chart From TradingView
