Euler Finance hacked for over $195M in a flash loan attack

Ethereum-based non-custodial lending protocol Eurler finance faced a flash loan attack on March 13, with the attacker managing to steal millions in DAI, USDC, staked Ether (StETH) and wrapped Bitcoin (WBTC).

According to on-chain data, the exploiter carried out multiple transactions stealing nearly $196 million as per the last update.  The ongoing attack has already become the largest hack of 2023. The breakdown of stolen funds are as follows: 

According to another crypto analytic firm Meta Seluth, the attacker is correlated with the deflation attack that occurred one month ago. The attacker use the Multichain bridge to transfer the funds from BSC to Ethereum and launched the attack today! 

Euler Finance acknowledged the exploit and said that they are currently working with the security professionals and law enforcement to resolve the issue.

We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it. https://t.co/bjm6xyYcxf

— Euler Labs (@eulerfinance) March 13, 2023

ZachXBT, another prominent on-chain sleuth of the crypto world, pointed out that the movement of funds and the nature of the attack seems quite similar to blackhats that exploited a BSC-based protocol last month. They were exploiting some random protocol on BSC a few weeks ago and then the funds were deposited to Tornado.

Euler Finance raised $32 million in a funding round last year that saw participation from the likes of FTX, Coinbase, Jump, Jane Street and Uniswap.

Euler Finance became quite popular for offering liquid staking derivatives (LSDs) services. LSDs are a relatively new type of token that enables stakers to augment potential returns by unlocking liquidity for their staked cryptocurrency, such as ETH. Currently, LSDs make upto 20% of total value locked in centralized finance protocols.

This is a developing story, and further information will be added as it becomes available.