Euler Finance Gives $200M Exploiter an Ultimatum

  • DeFi lending protocol Euler Finance has given the exploiter 24 hours to return 90% of the $197 million he stole in a flash-loan attack on Monday.
  • If the funds were not returned in time, the protocol is ready to post a $1 million bounty on any information that could lead to the arrest of the attacker.


Decentralized finance (DeFi) lending protocol Euler Finance is preparing to offer a $1 million reward for information on the exploiter who stole almost $200 million from the platform on Monday.

Euler Labs sent an on-chain message to the attacker on 14 March, warning him that he had 24 hours to return 90% of the stolen funds before the DeFi platform places a $1 million bounty on information that could lead to his arrest. The ultimatum came only a day after the lending protocol tried to get in touch with the flash-loan exploiter in an attempt to recover a portion of the stolen funds, though that move seems to have failed. Euler’s attached message reads:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

In an update to its community, the platform noted that it was already working with law enforcement agencies in the United Kingdom and United States. Euler has also engaged with blockchain analysis firms Chainalysis, TRM Labs, and the wider Ethereum community to help with its investigation and effort to recover the missing funds.

The lending protocol lost almost $200 million in DAI, wrapped Bitcoin (WBTC), staked ether (sETH), and USDC on 13 March after the exploiter used a flash loan to temporarily trick Euler’s protocol into assuming it held varying amounts of eToken and dToken. The team behind the project explained that the smart contract vulnerability “was not discovered” by its auditing partners, and existed on-chain for eight months before it was exploited. The platform tweeted:

Related Coverage
Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
August 28, 2023, 1:55 PM


Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.
Curve Exploited for $41M Due to Vyper Vulnerability
  • Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper have malfunctioning reentrancy locks, which left smart contracts compiled with them vulnerable to reentrancy attacks.
  • An estimated 460 contracts were compiled using these versions of Vyper which resulted in millions being lost to attacks, with Curve Finance reportedly losing $41 million.