A hacker exploited the decentralized finance (DeFi) platform Euler Finance early Monday morning and stole around $200 million worth of crypto, according to the blockchain security firm SlowMist.
Euler Finance, a non-custodial lending protocol built on Ethereum (ETH), acknowledged the hack on Monday, noting that it was working with law enforcement and independent auditors and security firms.
“The attacker used flashloans to deposit funds and then leveraged them twice to trigger the liquidation logic, donating the funds to the reserved address and conducting a self-liquidation to collect any remaining assets.”
The blockchain security firm notes that the hacker donated funds to the reserve address without being subjected to a liquidity check, which “created a mechanism that could directly trigger soft liquidation.”
“When the soft liquidation logic was triggered by high leverage, the yield value increased, enabling the liquidator to obtain most of the collateral funds from the liquidated user’s account by transferring only a portion of the liabilities to themselves.
Given that the value of the collateral funds exceeded the value of the liabilities (which were only partially transferred due to the soft liquidation), the liquidator was able to successfully pass their health factor check (checkLiquidity) and withdraw the obtained funds.”
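The missing check described above can be shown with a small model, added here as an illustration and not taken from Euler's contracts or SlowMist's analysis. It covers only the donation path: `Pool`, `Account`, `donate_to_reserves`, `run`, the "collateral >= debt" health rule and all amounts are assumptions made for the example, with `check_liquidity` standing in for the `checkLiquidity` check named in the quote.

```python
from dataclasses import dataclass


class Unhealthy(Exception):
    """An operation would leave the account under-collateralised."""


@dataclass
class Account:
    collateral: int  # value of deposits (constructed units)
    debt: int        # value of liabilities (constructed units)

    def is_healthy(self) -> bool:
        # Assumed simplified health rule: collateral must cover debt.
        return self.collateral >= self.debt


class Pool:
    """Toy lending pool; enforce_check toggles the health check on donations."""

    def __init__(self, enforce_check: bool):
        self.enforce_check = enforce_check
        self.reserves = 0

    def check_liquidity(self, acct: Account) -> None:
        if not acct.is_healthy():
            raise Unhealthy(f"collateral {acct.collateral} < debt {acct.debt}")

    def donate_to_reserves(self, acct: Account, amount: int) -> None:
        if not 0 < amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        snapshot = (acct.collateral, self.reserves)
        acct.collateral -= amount
        self.reserves += amount
        if self.enforce_check:
            try:
                self.check_liquidity(acct)
            except Unhealthy:
                # Emulate a transaction revert: restore the prior state.
                acct.collateral, self.reserves = snapshot
                raise


def run(enforce_check: bool) -> tuple[bool, int, bool]:
    """Return (donation_rejected, collateral_after, healthy_after)."""
    pool = Pool(enforce_check)
    acct = Account(collateral=400, debt=390)  # constructed, highly leveraged
    try:
        pool.donate_to_reserves(acct, 100)
        rejected = False
    except Unhealthy:
        rejected = True
    return rejected, acct.collateral, acct.is_healthy()
```

With the check disabled the donation goes through and the account ends below its debt, which is the state that makes it eligible for liquidation; with the check enabled the same call is rejected and the balances are unchanged.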
According to Lookonchain, Euler lost approximately 96,833 ETH, worth around $166 million at the time of writing, and $34 million worth of the USD-pegged stablecoin DAI.
In its 2023 Crypto Crime Report, blockchain data platform Chainalysis notes that hackers stole a total of $3.8 billion from cryptocurrency businesses last year, the highest annual total ever. The hackers made off with the vast majority of that total by targeting DeFi protocols.