Cointime

Download App
iOS & Android

$197 Million Stolen: Euler Finance Flash Loan Attack Explained [UPDATED 3/17/23]

New updates, 3/17/23: Possible North Korean involvement

Early in the morning of March 17, 2023, 100 ETH stolen in the Euler Finance hack moved to an address that previously received funds stolen in the Axie Infinity Ronin Bridge hack, which was carried out by the North Korean hacking syndicate Lazarus Group.

This could also mean that the Euler Finance hack was also carried out by Lazarus Group. However, we can’t yet know for sure — it’s possible that this movement of funds was an attempt at misdirection by another hacking group. We will continue to monitor the situation and provide updates as possible.

Original post: Analysis of Euler Finance flash loan attack

On March 13, 2023, Euler Finance, a permissionless borrowing and lending protocol on Ethereum, was the victim of a flash loan attack. Euler Finance isn’t the first DeFi hack victim this year — dForce and Platypus were similarly targeted in February — but it is unfortunately the largest. At a whopping near-$200 million loss, hackers stole funds in USDC, wrapped Bitcoin (wBTC), staked Ether (stETH), and DAI, an algorithmic stablecoin maintained by MakerDAO. A hack of this magnitude illustrates both the ongoing threats to widely used DeFi protocols and the potential hacking abuses opened up by flash loans.

In this blog, we’ll explore how flash loans work, how hackers stole funds from Euler Finance, and how the effects of flash loan attacks may be mitigated in the future.

What is a flash loan?

Before analyzing the details of the Euler hack, it is important to understand how flash loans typically work. Flash loans are executed by smart contracts and enable participants to quickly borrow funds without the need for collateral. However, these loans must be repaid in full within the same transaction, or else the entire transaction, including the loan itself, will be reversed. Flash loans are attractive for DeFi traders looking to maximize arbitrage opportunities. They are also commonly used for swapping collateral and self-liquidation.

Although there are several legitimate uses of flash loans, hackers can also use them to manipulate DeFi protocols’ pricing oracles. They do this by taking advantage of the lack of collateralization to borrow huge amounts of funds, which they can then use to manipulate token prices, typically by buying or short selling high volumes of tokens with thin supply levels.

How the Euler Finance flash loan attack occurred

When users borrow and lend using the Euler Finance platform, they primarily transact with two types of tokens: eTokens (which represent collateral) and dTokens (which represent debt). Euler issues eTokens based on the types of funds deposited by users; dTokens automatically trigger on-chain liquidation when the platform holds more dTokens than eTokens.

The hack was made possible by a liquidity issue in the DonateToReserve function of the eToken. This function was properly burning eTokens, but not dTokens, leading to an incorrect conversion of borrowed assets to collateralized assets. Euler’s hacker took advantage of these inconsistencies to create a false impression that the platform had a low amount of deposited eTokens and fake debt due to the fact that the dTokens were not burned.

We currently have reason to believe that there were two primary on-chain entities involved in the hack: a front-running MEV bot (using the wallet 0x5F259D0b76665c337c6104145894F4D1D2758B8c) and the hacker’s primary personal wallet (using the wallet 0xb66cd966670d962C227B3EABA30a872DbFb995db). The hacker hardcoded their lending contract so that the personal wallet received most of the funds, regardless of which entity executed which transactions.

The hacker received initial funding from the sanctioned mixer Tornado Cash for gas fees and to create the contracts used in the exploit, then initiated a flash loan to borrow around $30 million in DAI from the DeFi protocol Aave. After this, the hacker deposited $20 million of that DAI into Euler’s platform, receiving a similar amount in eDAI tokens. By leveraging Euler’s borrowing capabilities, the hacker was able to borrow 10 times the original deposited amount. The hacker then used the remaining $10 million in DAI from the original loan to repay part of the acquired debt (dDAI) and reused the mint function to borrow again until the flash loan was closed. After the hack was complete, the hacker moved some of the funds back to Tornado Cash. Investigators would need to employ advanced investigative techniques like those Chainalysis offers to pursue the funds further.

We can see some of these steps in the Chainalysis Storyline graph below:

Open in new tab to enlarge

Overall, Euler lost roughly $197 million worth of cryptocurrency, spread across DAI, wBTC, stETH, and USDC. Additionally, Euler’s native token, EUL, declined more than 45%.

Reducing hacking risks

Although it can be difficult to identify DeFi platform vulnerabilities, there may be several methods to mitigate risk of flash loan attacks to protect cryptocurrency participants from similar catastrophic events. For instance, circuit breakers could be used to temporarily halt protocols when there are unusually large price movements or outflows so that hacks can be stopped early. We will continue to monitor the Euler hack situation and provide updates as possible.

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.

Read more: https://blog.chainalysis.com/reports/euler-finance-flash-loan-attack/

Comments

All Comments

Recommended for you

  • Forbes survey: More than a third of Wall Street leaders oppose Trump's economic policies

    Forbes recently conducted an investigation into President Trump's economic policies, contacting 50 of the most influential figures on Wall Street, including billionaire investors, heads of large institutional asset management companies, and top financial advisors in the United States, to understand their views on Trump's economic strategy since taking office.

  • AI infrastructure platform Mahojin completes $5 million financing

    AI infrastructure platform Mahojin has completed a $5 million financing round, led by a16z CSX and Maelstrom. Mahojin aims to create a "GitHub" for AI model creators and dataset developers, with the platform enabling intellectual property tracking and rewarding the original contributors of models and datasets.

  • A senior Brazilian official: Bitcoin reserves are "crucial" to Brazil's prosperity

    according to Decrypt, Pedro Giocondo Guerra, senior advisor to the Vice President of Brazil, stated in a recent speech on behalf of the government: "The strategic reserve of Bitcoin is crucial for the prosperity of the country. Discussions about establishing a BTC reserve may be a key factor in deciding the prosperity of Brazil, in line with the interests of the country and the public." Brazilian congressman Eros Biondini (PL-MG) previously proposed legislation to establish a "strategic sovereign Bitcoin reserve" (RESBit). Holding 5% of foreign exchange reserves (international reserves) in Bitcoin, the Central Bank of Brazil will use advanced monitoring systems, blockchain technology, and artificial intelligence to monitor transactions and be responsible for custody.

  • Bitpanda receives broker-dealer license from Dubai Virtual Assets Authority

    Bitpanda, headquartered in Vienna, has obtained a broker-dealer license from the Dubai Virtual Asset Regulatory Authority (VARA).

  • US artificial intelligence startup Yutori raises $15 million

    Yutori, a startup based in San Francisco, has raised $15 million for the development of an artificial intelligence personal assistant.

  • Meme incubation platform Coresky completes $15 million Series A financing

    Meme incubation platform Coresky announced the completion of a $15 million Series A financing round, led by Tido Capital, with WAGMi Ventures, Copilot Venture Studio, Web3 Vision Fund, and Parallel Ventures participating. The valuation information has not been disclosed, and the company's total financing to date has reached $21 million.

  • Vest Labs Completes $5 Million Seed Round of Financing, with Amber Group, QCP Capital and Other Investors

    Vest Labs, a financial infrastructure company based on real-time risk pricing, has announced the completion of a $5 million seed round financing, with participation from Jane Street, Amber Group, Selini Capital, QCP Capital, and Big Brain Holdings. The new funds will be used to support its construction of a real-time, verifiable risk pricing model based on zero-knowledge proofs to enhance financial market transparency and efficiency, and will also launch a perpetual futures trading platform supporting Arbitrum, Solana, Base, and other L2 solutions.

  • Digital asset high-frequency trading company ABEX completes new round of financing of US$6 million

    ABEX, a digital asset high-frequency trading company based in London, United Kingdom, announced the completion of a $6 million financing round, led by MMC Ventures. The new funds are intended to be used for the launch of derivative trading and algorithmic execution solutions to improve the transaction execution efficiency of centralized and decentralized financial venues. It is reported that the company is registered with the Financial Conduct Authority (FCA) in the United Kingdom, allowing it to engage in cryptocurrency trading activities.

  • The market value of BSC ecosystem meme coin BUBB hit a record high of US$35 million, with a 24-hour increase of 516%.

    On March 21st, according to GMGN market information, the BSC ecosystem meme token BUBB reached a market value of 35 million USD in a short time, hitting a historic high, and is currently at 31.3 million USD, with a 24-hour increase of 516% and a 24-hour trading volume of 41.7 million USD.

  • DeFi TVL exceeds $95 billion again

    According to defillama data, as of May 18, 2024, the total value locked (TVL) in DeFi has once again surpassed $95 billion. It is currently reported at $95.069 billion, an increase of nearly $12 billion from the low point of $83.04 billion 35 days ago. Among the top five protocols in terms of TVL, Eigenlayer has the highest 30-day increase, with TVL rising by 19.67% to a total of $15.455 billion.