On March 13, 2023, Euler Finance, an Ethereum-based lending protocol, lost over $195 million in a flash loan attack. The hacker stole millions in Dai (DAI), USD Coin (USDC), wrapped Bitcoin(WBTC), and staked Ether(StETH), as stated by Cointelegraph.
According to Cointelegraph, the exploiter conducted different attempts to steal the funds. It’s believed that the attack has been correlated with the deflation attack that took place a month prior, as per insights from Meta Seluth, a crypto analytic firm. Sources suggest that the hacker transferred funds through a multichain bridge from the BNB Smart Chain (BSC) to Ethereum.
Based on information by Cointelegraph, Euler Finance mentioned collaborating with security professionals and law officials to sort out the matter. Slowmist, a blockchain security firm, pointed out that the attacker utilised flash loans to transfer funds to ensure liquidity. Reportedly, the attacker shifted funds to the designated address and conducted self-liquidation to collect any leftover assets.
“There appears to be a bug in one of the Euler smart contracts, where it doesn’t check for the health factor when executing the donateToReservers() function. Due to this, the attacker was able to liquidate himself from the protocol, repay the flash loan and make a huge profit,” Gustavo Gonzalez, solutions developer, OpenZeppelin, stated.
(With insights from Cointelegraph)