Euler Finance Exploited for $197M in Flash Loan Attack

  • The attacker carried out multiple transactions to steal 85,818 staked ether (stETH), 34.5 million USDC, 849 wrapped Bitcoin (WBTC), and 8.9 million DAI.
  • Euler Finance is now working with security professionals and law enforcement trying to rectify the situation, and will provide more information in the near future.


Decentralized finance (DeFi) lending protocol Euler Finance became the victim of a flash loan exploit, which saw the attacker steal $197 million worth of crypto, security firms BlockSec and PeckShield said on 13 March.

According to on-chain data, the attack on the protocol began at 4:50 am ET, when the exploiter began to carry out multiple transactions to steal 85,818 staked ether (stETH), 34.5 million USDC, 849 wrapped Bitcoin (WBTC), and 8.9 million DAI. Euler Finance noted it is working with security professionals and more information will be released soon.

Crypto analytic firm Meta Sleuth observed that the exploiter used a multichain bridge to transfer funds from the BNB Smart Chain (BSC) to Ethereum before executing his attack today. ZachXBT also noted that the movement of funds and the way the attack was carried out were similar to how a BSC-based protocol was exploited last month.

On-chain data shows that the attacker borrowed more than $30 million worth of DAI from DeFi protocols Balancer and Aave, $20 million of which were sent to Euler in exchange 19.5 million of eDAI (a collateral token). He then borrowed ten times the deposited amount from Euler — receiving 195.6 million eDAI and 200 million dDAI (debt token) — and then repaid a part of the debt using the remaining $10 million DAI from Balancer and Aave. By repeating these steps the attacker was able to trick the protocol into falsely assuming it owed more to depositors than it held.

Related Coverage
Euler Finance Gives $200M Exploiter an Ultimatum
  • DeFi lending protocol Euler Finance has given the exploiter 24 hours to return 90% of the $197 million he stole in a flash-loan attack on Monday.
  • If the funds were not returned in time, the protocol is ready to post a $1 million bounty on any information that could lead to the arrest of the attacker.
March 15, 2023, 12:14 PM


DeFi Protocol Exploited by Alleged White Hat Hacker
  • DeFi lender has paused all borrowing while investigating an exploit which saw an attacker borrow $1.6 million worth of assets using only 1 GMX token.
  • The attacker, however, appears to be a white hat hacker who the platform has already contacted in order to remedy the situation.
MyAlgo Warns Users to Withdraw Assets After $9M Exploit
  • The Algorand wallet provider has warned users to withdraw their assets from mnemonic wallets after an attacker targeted a group of “high-profile MyAlgo accounts”.
  • The root cause of the attacks remains unknown, with MyAlgo still investigating the issue, but reports have indicated that close to $9M were stolen so far.