On March 13, 2023, Euler Finance suffered a flash loan attack, resulting in the theft of $196 million worth of various tokens, including Dai, USDC, stETH, and WBTC. This attack drained millions of dollars from Euler Finance’s smart contracts, causing the total value locked inside them to drop from over $311 million to $10.37 million. Additionally, 11 different DeFi protocols, including Balancer, Yearn.finance, and Yield Protocol, either froze or lost funds.
Following the attack, Euler Finance took proactive measures to recover the stolen funds. As the first course of action, the protocol disabled its vulnerable eToken module and donation function and worked with auditing companies to analyze the root cause of the exploit. At the same time, Euler Finance attempted to contact the hacker to negotiate a bounty.
On March 15, Euler Finance gave the hacker an ultimatum: return 90% of the stolen funds, or Euler Finance would offer a $1 million reward for information leading to their arrest. The hacker, however, started moving funds at will, causing chaos and distress among the victims. Despite this, one victim managed to convince the hacker to return their life savings, which led the hacker to begin returning stolen funds over several days.
Meanwhile, Euler Finance’s CEO, Michael Bentley, revealed that ten separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.” However, the hack exposed the protocol’s vulnerability and the need for improved security measures.
On March 21, Euler Finance launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. Even so, starting on March 25, the hacker returned the stolen assets in large amounts on multiple occasions. Finally, 23 days after the hack, Euler Finance announced that the stolen funds had been recovered and that the $1 million bounty was no longer accepting new information.
In the final transactions, the hacker returned 12 million DAI and 10,580 ETH. The crypto community applauded Euler Finance’s efforts to recover the funds and restore investor confidence. Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.
The Euler Finance hack serves as a cautionary tale for the DeFi industry, highlighting the importance of comprehensive security measures and frequent audits. It also demonstrates the benefits of negotiating with hackers to recover stolen funds and the role of the community in restoring investor confidence. Overall, the recovery of the stolen funds is a significant victory for Euler Finance and the DeFi industry as a whole.