DeFi Protocol Euler Finance Faces $200M Exploit in a Flash Loan Attack
- The Euler Finance decentralized finance (DeFi) lending system experienced an exploit that cost almost $200 million.
- After the attacker used a flash loan assault, the losses spread across four transactions in dai, wrapped bitcoin, staked ether, and USDC.
On March 13, a flash loan assault was launched against the Ethereum-based noncustodial lending platform Eurler Finance. According to smart contract auditor BlockSec, the attacker successfully stole millions of Dai, USD Coin, staked Ether (StETH), and wrapped Bitcoin (WBTC). To carry out the assault, the attacker used a flash loan.
Users of DeFi can obtain millions of dollars with no collateral by using flash loans. The debt must be returned before the transaction is complete. Attackers frequently use them to raise money to attack decentralized systems.
The loan was used by Euler’s attackers to temporarily deceive the protocol into believing it had a small quantity of eToken, a security token that Euler issues based on the token that is deposited on the protocol. When Euler’s number of dTokens issued exceeds the number of eTokens stored on the platform, an automatic on-chain liquidation is initiated. This is accomplished by issuing a separate dToken, also known as a debt token.
On-chain data shows that the exploiter executed numerous trades and stole nearly $196 million as of the most recent update. The current assault has already grown to be 2023’s biggest breach.
On-chain data reveals that the perpetrator borrowed more than $30 million worth of dai stablecoin using flash loans from the DeFi protocols Balancer and Aave. Of that, about $20 million was sent to Euler, where $19.5 million value of eDAI was given to the attacker.
The attacker then obtained 195.6 million eDAI and 200 million dDAI by borrowing ten times the sum deposited from Euler. Then, using the remaining money, they partially paid off the original debt, deceiving the protocol into thinking it owed depositors more money than it actually did.
Euler Finance acknowledged the vulnerability and stated they are collaborating with law enforcement and security experts to find a solution.
In a funding round last year, including FTX, Coinbase, Jump, Jane Street, and Uniswap, Euler Finance earned $32 million.
Due to its provision of liquid staking derivatives (LSDs) services, Euler Finance rose to prominence. With the help of LSDs, a comparatively new class of token, stakers can increase their potential returns by increasing the liquidity of staked cryptocurrencies like ether. Up to 20% of the total value locked in decentralized finance systems is currently represented by LSDs.