Euler Finance Gives $200M Exploiter an Ultimatum

  • DeFi lending protocol Euler Finance has given the exploiter 24 hours to return 90% of the $197 million he stole in a flash-loan attack on Monday.
  • If the funds were not returned in time, the protocol is ready to post a $1 million bounty on any information that could lead to the arrest of the attacker.
hack

Shutterstock

Decentralized finance (DeFi) lending protocol Euler Finance is preparing to offer a $1 million reward for information on the exploiter who stole almost $200 million from the platform on Monday.

Euler Labs sent an on-chain message to the attacker on 14 March, warning him that he had 24 hours to return 90% of the stolen funds before the DeFi platform places a $1 million bounty on information that could lead to his arrest. The ultimatum came only a day after the lending protocol tried to get in touch with the flash-loan exploiter in an attempt to recover a portion of the stolen funds, though that move seems to have failed. Euler’s attached message reads:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

In an update to its community, the platform noted that it was already working with law enforcement agencies in the United Kingdom and United States. Euler has also engaged with blockchain analysis firms Chainalysis, TRM Labs, and the wider Ethereum community to help with its investigation and effort to recover the missing funds.

The lending protocol lost almost $200 million in DAI, wrapped Bitcoin (WBTC), staked ether (sETH), and USDC on 13 March after the exploiter used a flash loan to temporarily trick Euler’s protocol into assuming it held varying amounts of eToken and dToken. The team behind the project explained that the smart contract vulnerability “was not discovered” by its auditing partners, and existed on-chain for eight months before it was exploited. The platform tweeted:

Discussion
Related Coverage
Euler Finance Exploited for $197M in Flash Loan Attack
  • The attacker carried out multiple transactions to steal 85,818 staked ether (stETH), 34.5 million USDC, 849 wrapped Bitcoin (WBTC), and 8.9 million DAI.
  • Euler Finance is now working with security professionals and law enforcement trying to rectify the situation, and will provide more information in the near future.
March 13, 2023, 1:30 PM
hacker

Shutterstock

DeFi Protocol Tender.fi Exploited by Alleged White Hat Hacker
  • DeFi lender Tender.fi has paused all borrowing while investigating an exploit which saw an attacker borrow $1.6 million worth of assets using only 1 GMX token.
  • The attacker, however, appears to be a white hat hacker who the platform has already contacted in order to remedy the situation.
MyAlgo Warns Users to Withdraw Assets After $9M Exploit
  • The Algorand wallet provider has warned users to withdraw their assets from mnemonic wallets after an attacker targeted a group of “high-profile MyAlgo accounts”.
  • The root cause of the attacks remains unknown, with MyAlgo still investigating the issue, but reports have indicated that close to $9M were stolen so far.