After $196 million was stolen from it in a flash loan attack, Euler Finance has convinced its hacker to return most of the funds. The outcome followed numerous back-and-forth exchanges over 23 days, eventually leading the hacker to do "the right thing."
On March 13, the Euler Finance hacker made multiple transactions, each involving millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (stETH) and wrapped Bitcoin (WBTC).
As a result, Euler's total value locked in its smart contracts dropped from over $311 million to $10.37 million. In all, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn.finance, and Yield Protocol, either froze or lost funds.
At 10:00 UTC, Balancer contributors became aware of an exploit in Euler. It was determined that the best course of action was to pause and put into recovery mode bbeUSD (USD powered by Euler) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.
— Balancer (@Balancer) March 13, 2023
The next day, March 14, Euler took proactive measures to recover funds, disabling its vulnerable eToken module and donation feature as a first course of action. In addition, it worked with auditing companies to analyze the root cause of the exploit.
One of our audit partners, @Omniscia_sec, prepared a technical autopsy and analyzed the attack in great detail. You can read his report here: https://t.co/u4Z2xdutwe
In short, the attacker exploited vulnerable code that allowed him to create an unbacked token debt...
— Euler Laboratories (@eulerfinance) March 14, 2023
At the same time, Euler attempted to contact the hacker to negotiate a reward. On March 15, Euler gave the hacker an ultimatum to return 90% of the stolen funds, threatening to announce a $1 million reward for information that could lead to the hacker's arrest. This deal would allow the hacker to keep $19.6 million.
The hacker, on the other hand, began to move funds at will. A victim received 100 Ether (ETH) after convincing the hacker that his life savings were lost in Euler's hack. For several days, the hacker returned stolen funds in transfers of varying value.
Amid the chaos, Euler Labs CEO Michael Bentley revealed that ten separate audits over two years had found the protocol to be “nothing higher than low risk” with “no outstanding issues”.
On March 21, Euler launched a $1 million bounty against the hacker after being ghosted in the middle of a conversation while trying to come to an agreement. Starting March 25, the hacker began returning the stolen assets in large quantities on multiple occasions.
On April 4, 23 days after the hack, Euler Finance announced the possible full recovery of the lost funds, thus ending the $1 million reward. "Because the exploiter did the right thing and returned the funds, the $1 million bounty campaign launched by the Euler Foundation will no longer accept new information," the protocol said.
Because the exploiter did the right thing and returned the funds, the $1 million bounty campaign launched by the Euler Foundation will no longer accept new information.
All the details to follow tomorrow.
— Euler Laboratories (@eulerfinance) April 3, 2023
In the final transactions, the hacker sent 12 million DAI and 10,580 ETH across multiple transfers. The crypto community applauded Euler Finance's effort to recover funds and restore investor confidence.
Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently released a hash oracle aggregator to improve bridge security by requiring more than one bridge to validate a withdrawal.
As Cointelegraph reported, more than $2 billion was stolen from bridges in 2021 and 2022, mainly due to bugs and wallet attacks.