Euler Finance Suffers Flash Loan Attack, Loses Millions in Multiple Cryptocurrencies
On March 13, 2023, Euler Finance, an Ethereum-based noncustodial lending protocol, became the victim of a flash loan attack. The attacker managed to steal millions in various cryptocurrencies, including Dai, USD Coin, staked Ether, and wrapped Bitcoin. According to on-chain data, the exploiter carried out multiple transactions and stole nearly $196 million, making it the largest hack of the year.
The breakdown of stolen funds is as follows: $87 million in Dai, $51 million in USDC, $40 million in stETH, and $17 million in WBTC. Euler Finance has not yet made an official statement regarding the attack, and it remains unclear whether the stolen funds will be recovered.
Crypto analytic firm Meta Seluth stated that the attack is related to a deflation attack that occurred one month ago. The attacker used a multichain bridge to transfer the funds from the Binance Smart Chain (BSC) to Ethereum and launched the attack today. ZachXBT, another prominent on-chain sleuth, reiterated the same and said that the movement of funds and the nature of the attack seem quite similar to the black hats that exploited a BSC-based protocol last month.
The attack on Euler Finance highlights the risks associated with flash loans, which are uncollateralized loans that allow traders to borrow large amounts of capital without putting up any assets as collateral. Flash loans have become increasingly popular in the DeFi space and have been used in several high-profile attacks, including the $600 million hack of Poly Network in August 2021.
Flash loan attacks are a growing concern for the DeFi ecosystem, and several projects have taken steps to mitigate the risks associated with these loans. For example, Aave, a popular DeFi lending platform, has implemented a cooldown period for flash loans, requiring borrowers to wait for a period before taking out another loan. Similarly, Compound Finance has implemented a fee on flash loans to deter attackers.
Euler Finance is just the latest DeFi project to fall victim to a flash loan attack, highlighting the need for better security measures in the DeFi ecosystem. As the DeFi space continues to grow, it is essential to implement robust security measures to protect users’ funds and prevent attacks like these from happening in the future.