Vote for Cryptopolitan on Binance Square Creator Awards 2024. Click here to support our content!

Euler Finance gives an important update to users on the $197m hack

Euler Finance gives an essential update to users on the $197m hackEuler Finance gives an essential update to users on the $197m hack
277979

Contents

Share link:

In this post:

  • The team has assured that it will continue to work with security groups to ensure the protocol’s safety going forward.
  • Sherlock highlighted a major factor contributing to the exploit: the lack of a health check in “donateToReserves,” a new function added with EIP-14.

On March 13, DeFi lending protocol Euler Finance suffered a massive flash loan attack, making it the largest crypto hack of 2023 so far. The incident resulted in the loss of approximately $197 million and impacted over 11 other DeFi protocols. In response, Euler announced on March 14 that they had disabled their vulnerable etoken module and donation function to prevent further deposits.

Furthermore, the Euler Finance team stated to its users that the vulnerability was not detected in the initial audit conducted by various security groups. The team has assured that it will continue to work with security groups to ensure the protocol’s safety going forward.

For eight months, the vulnerability existed on-chain despite a $1 million bug bounty. Unfortunately, it was eventually exploited by an unknown party.

Read Also  Flash loan attacker of Euler Finance sends 100 ETH back to victim

Sherlock, an audit group that had previously worked with Euler Finance, conducted a thorough investigation and identified the root cause of the exploit. After submitting the claim to the audit protocol and receiving approval, they executed a payout of $3.3 million on March 14. In their analysis report, Sherlock highlighted a major factor contributing to the exploit: the lack of a health check in “donateToReserves,” a new function added with EIP-14. They noted that the attack could still have been technically possible without EIP-14.

In July 2022, WatchPug conducted an Euler audit for Sherlock; however, the audit missed a critical vulnerability, eventually resulting in an exploit in March 2023.


Euler has taken steps to investigate and recover the funds that have been stolen, reaching out to leading on-chain analytic and blockchain security firms such as TRM Labs, Chainalysis, and the ETH security community. Additionally, they are attempting to contact those responsible for the attack to learn more about the issue and discuss possibly negotiating a bounty to recover the stolen funds.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Editor's choice

Loading Editor's Choice articles...

Stay on top of crypto news, get daily updates in your inbox

Most read

Loading Most Read articles...
Subscribe to CryptoPolitan