Published
1 year ago on
March 27, 2023
Table of Contents
There have been significant developments in the ongoing Euler Finance saga, with the hacker returning a substantial amount of the stolen funds back to the protocol.
Majority Of Stolen Funds Back With Euler
Euler Finance finally received some good news as the hacker behind the crippling $200 million exploit of the platform returned a significant amount back to the protocol. Data from Etherscan revealed that over 51,000 ETH, valued at around $90 million as of Saturday, was sent back to Euler over the course of the weekend. Lookonchain tweeted about the developments, stating,
“The Euler Finance Exploiter sent 51,000 $ETH($89.2M) to Euler Deployer just now.”
However, the hacker also made several other transactions, transferring tens of millions of DAI stablecoins to another wallet, according to the available blockchain data. Just last week, Euler Finance put out a $1 million bounty offer for the hacker to return the funds. At the time, developers had asked for 90% of the stolen funds to be returned. To make matters worse for Euler, it also emerged that the Hacker themselves were possibly targeted by the notorious Lazarus Group.
The Euler Hack
Euler had suffered a massive exploit earlier in the month, with the hacker stealing $200 million lost over four transactions in dai (DAI), USD Coin (USDC), wrapped bitcoin (wBTC), and staked ether (sETH). According to developers, the attacker used a flash loan attack, temporarily tricking the platform into believing that it held varying amounts of eTokens and dTokens. Euler put out a statement at the time of the attack, stating it was working with professionals and law enforcement agencies to recover the stolen funds.
“We are aware, and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it.”
Many prominent industry members slammed the attack on the protocol, which focused on innovating on liquid staking derivatives that allowed Ethereum stakers to unlock the liquidity of their staked assets and use it for other purposes.
The Vulnerability
A postmortem of the hack was carried out, revealing that the vulnerability that allowed the exploit to occur remained on-chain for 8 months. The postmortem was conducted by Euler Finance’s auditing partner, Omniscia, after which it released a detailed report analyzing the vulnerability exploited by the hackers. The postmortem revealed that the vulnerability was a result of the protocol’s incorrect donation mechanism that allowed for donations to be performed without conducting a proper health check. The vulnerability was introduced in eIP-14, which also introduced several other changes to the Euler ecosystem.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Investment Disclaimer
