Euler Finance hacked for over $195M in a flash loan attack

Euler Finance hacked for over $195M in a flash loan attack
Photo by Rene Böhmer / Unsplash

Euler Finance, a noncustodial lending platform built on the Ethereum network, fell victim to a flash loan attack on March 13th, resulting in the loss of a significant amount of decentralized stablecoins and synthetic ERC-20 tokens.

As per the latest on-chain information, the attacker executed several transactions, successfully siphoning off approximately $196 million. This ongoing breach has already been identified as the most sizeable hack of the current year.

A comprehensive evaluation conducted by Slowmist, a renowned blockchain security enterprise, reveals that the perpetrator of the cyberattack employed flash loans as a means of depositing funds. Subsequently, they utilized this deposit twice to initiate liquidation, thereby causing significant damage. The offender then contributed the illicitly obtained funds to a reserved address and proceeded to conduct a self-liquidation, enabling them to seize any remaining assets.

The success of the exploit can be attributed to two significant factors. Firstly, the reserved address received donations without undergoing a liquidity check, thereby triggering a soft liquidation mechanism. Secondly, the high leverage activated the soft liquidation logic, empowering the liquidator to acquire the majority of the collateral funds from the liquidated user's account while only assuming a portion of the liabilities. These two factors played a critical role in the exploit's triumph, highlighting the need for more rigorous safeguards against such vulnerabilities.

Last year, Euler Finance secured $32 million in a funding round with the participation of esteemed investors such as FTX, Coinbase, Jump, Jane Street, and Uniswap. Euler Finance's innovative liquid staking derivatives (LSDs) services have garnered significant attention in the financial sector. LSDs are a contemporary class of tokens that enhance potential returns by unlocking liquidity for staked cryptocurrencies, such as Ethereum (ETH). In decentralized finance protocols, LSDs currently account for up to 20% of the total value locked, emphasizing their growing significance.