Decentralized finance (DeFi) platform Euler Finance has reportedly suffered an exploit of approximately $196.9 million, per audit platform BlockSec.
The attacker nabbed $8.7 million in the decentralized stablecoin DAI, $18.5 million in Wrapped Bitcoin (WBTC), a whopping $135.8 million in Staked Ethereum (stETH), and another $33.8 million in Circle's USD stablecoin USDC.
Euler Finance is a borrowing and lending platform for cryptocurrencies, allowing users to earn interest for adding various assets to the protocol.
AD
AD
A BlockSec spokesperson told Decrypt that the root vulnerability is still unknown, but that the attacker used a series of six different flash loans to leverage the attack. A flash loan is a crypto-native loan in which a user borrows and returns funds in the same transaction.
Others reported that the "donateToReserves" function in the project's smart contracts is the key vulnerability.
2/ The hack is made possible due to the flawed logic its donation and liquidation. Specifically, the donateToReserves needs to ensure the donator is still over-collateralized. And liquidation needs to ensure the *correct* conversion rate from borrow to collateral asset. pic.twitter.com/dsHUP1orRP
Euler's market data indicates that there is roughly $200 in the WBTC lending market and $208 in USDC. Based on data pulled at 11 am CEST, both the DAI and stETH markets have been completely drained.
The markets page now reports a rendering error.
AD
AD
Per DeFi Llama, the project's total value locked (TVL), the dollar amount of assets sloshing around in the app, was $237.9 million prior to the attack.
The project did not immediately respond to Decrypt's request for comment.
Euler tweeted that it is "aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it."
We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it. https://t.co/bjm6xyYcxf
