On March 13, 2023, Euler Finance, an Ethereum-based borrowing and lending company, sustained losses from a flash loan attack. In February, 2023, other platforms such as dForce and Platypus were also targeted, as stated by Chainalysis.
According to Chainalysis, the company clocked $200 million loss in USDC, wrapped Bitcoin (wBTC), staked Ether (stETH), and DAI. It is believed that the hack happened due to a liquidity concern in the DonateToReserve function of the eToken. Reportedly, Euler’s hacker benefitted from these issues to develop a false impression that the platform had a low amount of deposited eTokens and fake debt over unburned dTokens.
Based on information by Chainalysis, the hacker secured first funding from sanctioned mixer Tornado Cash for gas fees and to make contacts present in the exploit. Sources suggest that the hacker took $30 million worth DAI from decentralised finance (DeFi) protocol Aave, and sent $20 million of it to Euler’s base. Post that development, the hacker utilised remaining $10 million DAI to refund part of acquired debt (dDAI). After concluding the hack, the hacker shifted a certain part of funds back to Tornado Cash.
Moreover, Chainalysis noted that EUL, Euler’s native token, witnessed a fall of over 45%.
(With insights from Chainalysis)