Euler Finance, a decentralized finance (DeFi) lending protocol on Ethereum, has misplaced roughly $200 million by way of a flash mortgage hack. This loss makes it the most important DeFi hack in 2023.
Euler Finance’s $200 Million Exploit
On Mar. 13, 2023, Euler Finance confirmed that it had suffered an assault, leading to roughly a $200 million loss. The protocol is now working with regulation enforcement and safety professionals.
We’re conscious and our group is at present working with safety professionals and regulation enforcement. We’ll launch additional data as quickly as we’ve got it. https://t.co/bjm6xyYcxf
— Euler Labs (@eulerfinance) March 13, 2023
To execute the hack, the attacker focused 4 tokens: DAI, an algorithmic stablecoin; wrapped-Bitcoin (WBTC); staked-Ethereum (sETH); and USDC, a fiat-backed stablecoin. In latest months, Euler Finance has turn into common for providing liquid staking derivatives (LSD) providers. Notably, it comes forward of the Shanghai-Capella improve on Ethereum, a sensible contract platform.
Based on Dedaub, a sensible contract auditing service supplier, the attacker used flash loans from Aave, a non-custodial lending protocol, to hold out the assault. Forward of this, funds have been first bridged from BNB Good Chain (BSC) earlier than it was deployed to interrupt Euler Finance.
In a flash mortgage assault, the attacker borrows a big token quantity with out collateral, usually utilizing a flash mortgage. Afterward, they use that mortgage to govern different tokens’ worth in a pool, usually driving down the value of the goal asset. With this, they will purchase that token at a lower cost and rapidly promote it again for a revenue as soon as the value recovers.
The Flash Mortgage Assault
In Euler Finance’s case, the flash mortgage was leveraged in two situations forcing huge liquidations. Particularly, the attacker tricked the protocol into falsely assuming it held a low quantity of eToken, a collateral token issued by Euler primarily based on whichever token is deposited on the protocol.
They then borrowed 10x the deposited quantity from Euler, receiving 195.6 million eDAI and 200 million dDAI.
🚨 Euler suffered an assault
Analyzing 1 tx that exhibits an $8.9m+ return for the attacker
1. Flash mortgage
2. Deposit 20m DAI
3. Mint 200m eDAI
4. Repay 10m DAI
5. Mint 200m eDAI
6. Donate 100m eDAI to reserves
7. Liquidate your self for 259m eDAI yields 38.9m DAI
8. Shut flashloan pic.twitter.com/8cjHwDgX3y— Dedaub (@dedaub) March 13, 2023
This kind of exploit is called a liquidity assault. It’s additionally one of the crucial widespread sorts of DeFi hacks.
Primarily, attackers manipulate the protocol’s liquidity calculations, which permits the attacker to borrow extra funds than they need to be capable to, resulting in huge losses for the protocol and its customers.
The Euler hack is the newest in lots of DeFi exploits which have plagued the business just lately. Based on blockchain analytics agency Chainalysis, over $3 billion was stolen from DeFi protocols through hacks or exploits in 2022 alone.
2/ At this price, 2022 will possible surpass 2021 as the most important yr for hacking on file. Thus far, hackers have grossed over $3 billion {dollars} throughout 125 hacks. pic.twitter.com/vgT3pz2iOu
— Chainalysis (@chainalysis) October 12, 2022
DeFiLlama data exhibits hackers stole over $20 million in February 2023. Amongst these focused embody Orion, dForce community, and Platypus Finance.
In February, the dForce community misplaced $3.65 million, whereas Platypus Finance was hacked for over $8 million.
Characteristic Picture From Canva, Chart From TradingView
