Decentralized finance (DeFi) is growing in popularity. However, many of these projects are still relatively new and therefore often contain vulnerabilities that hackers exploit. A recent example is Euler Finance, a lending protocol built on Ethereum (ETH). A hacker stole a whopping $196 million worth of crypto from the platform via a so-called flash loan attack.
Euler Finance loses $196 million
On March 13, Euler Finance was hit by a $196 million flash loan attack, one of the largest hacks of a DeFi protocol to date. Flash loans are loans that are issued and repaid within the same transaction, and they have become popular among DeFi users.
An update on our work today to recover funds for Euler protocol users.
Here are a few actions we took immediately:
1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function
2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023
Euler Finance has issued an ultimatum to the hacker who stole the funds. The platform demands that the hacker return 90% of the stolen funds within 24 hours, or legal action will be taken. That means the hacker can basically keep about $20 million if he or she sends the rest back. However, it is unclear whether the hacker will comply with this demand.
euler just sent an on-chain message to the hacker pic.twitter.com/0wKIW51NjM
— 0xngmi (llamazip arc) (@0xngmi) March 14, 2023
Euler Labs is currently working on a fix for this hack. The company is working with governments in the United States and the United Kingdom to track down the hacker. However, it is still unknown whether these efforts will lead to the recovery of the stolen amount.
Audit did not see DeFi vulnerability
Euler Finance had a smart contract on the Ethereum blockchain that had been unchanged for eight months before the hack. This is worrying because the vulnerability used in the hack was not discovered during an audit of the smart contract. This raises questions about how secure DeFi protocols actually are and whether audits are sufficient to detect vulnerabilities.
The hack at Euler Finance is yet another reminder of the dangers of using DeFi and crypto protocols without careful research and assessment of the risks. It is clear that DeFi is still in its infancy and there is still a lot of work to be done to ensure the security of these systems.