Hackers stole nearly $200 million worth of cryptocurrency from the Euler Finance lending protocol, Cointelegraph reported earlier this week.
Euler is a non-custodial decentralized finance (DeFi) protocol on Ethereum that allows users to lend and borrow virtually any crypto asset. Euler Labs, the company behind the protocol, confirmed the incident via Twitter, saying security experts and police have been brought in to investigate the matter.
Every beep computer (opens in a new tab), which took advantage of a poorly designed flash loan feature that allowed users to borrow funds “instantly” and return them just as quickly. There was a vulnerability in this feature that allowed an attacker to borrow large amounts of funds without returning their value to the service.
Packaged BTC and pledged ETH
“The attackers use a loophole that allows them to manipulate the price of a token or asset on the platform within seconds of holding the loaned amount, so when the transaction is completed, they will reap huge profits,” the publication explained.
In this incident, the attackers stole $8.75 million in DAI tokens, $18.5 million in WBTC (“wrapped” bitcoins – Bitcoins on the Ethereum network), $33.85 million in USDC (a pegged stablecoin) and $135.8 million in stETH (Staked ETH – a liquid collateralized derivative token used to represent Ether staked on Lido (LDO)).
While media reports say the funds are being monitored, making it difficult for attackers to convert them into something they can use (and not get confiscated), blockchain analytics firm Elliptic says some of the stolen tokens have passed through Tornado Cash mixers (In other words, they are washed).
Following the news, the value of the Euler token (EUL) dropped from $6.2 to $3.1 at press time.