Euler Finance has sent a stern warning to the hacker who stole $200 million of users’ funds by using flash loan attacks on the protocol. The team behind Euler Finance has announced that it is ready to put up a $1 million bounty for any information that leads to the arrest of the attacker and the return of the funds to their rightful owners. The announcement comes after Euler Finance was exploited for $197 million in stETH, wstETH, WBTC, USDC, DAI and WETH. After the hacker’s withdrawal, the protocol was left with very few tokens. One of the first red flags was a massive spike in borrowing volume on the Euler protocol within an hour.
The hacker used the “DonateToReserves()” function to intentionally put their positions underwater, allowing them to liquidate those positions. By doing so, the hacker was able to seize both the collateral and the liquidation bonus, resulting in significant gains for the attacker. All of the hacks took place in the same block, which made the exploit challenging to prevent, as there was no time to implement any countermeasures. However, one potential solution for future attacks of a similar nature is the use of Miner Extractable Value (MEV) bots, which can detect and front-run malicious transactions in real time.
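A simplified model of the failure mode described above, added here as an illustration and not Euler's contract code: a donation that removes collateral while leaving debt untouched can push an account underwater unless a solvency check runs afterwards. The `Account` and `Pool` classes, the 0.8 collateral factor and all figures are assumptions constructed for the example.

```python
# Toy model (constructed for illustration): one account in a lending pool.
from dataclasses import dataclass

COLLATERAL_FACTOR = 0.8  # assumed: debt may not exceed 80% of collateral value


class Insolvent(Exception):
    """Raised when an operation would leave the account underwater."""


@dataclass
class Account:
    collateral: float  # value of deposit tokens held
    debt: float        # value owed to the pool

    def health(self) -> float:
        # health < 1.0 means the position is eligible for liquidation
        if self.debt == 0:
            return float("inf")
        return self.collateral * COLLATERAL_FACTOR / self.debt


@dataclass
class Pool:
    reserves: float = 0.0

    def donate_unchecked(self, acct: Account, amount: float) -> None:
        # Weak form: collateral moves to reserves, debt is untouched,
        # and nothing re-validates the account afterwards.
        if not 0 <= amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        acct.collateral -= amount
        self.reserves += amount

    def donate_checked(self, acct: Account, amount: float) -> None:
        # Hardened form: apply the change, then enforce the solvency
        # invariant and roll back if it fails (a revert on-chain).
        before = (acct.collateral, self.reserves)
        self.donate_unchecked(acct, amount)
        if acct.health() < 1.0:
            acct.collateral, self.reserves = before
            raise Insolvent(f"donation of {amount} would leave health < 1")


if __name__ == "__main__":
    acct, pool = Account(1000.0, 700.0), Pool()
    pool.donate_unchecked(acct, 200.0)
    print("health after unchecked donation:", round(acct.health(), 3))
```

The invariant to audit for is that every state-changing path that lowers collateral or raises debt ends with the same health check that borrowing and withdrawal use.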
Out of all the collateral-type tokens on Euler, only USDT and cbETH were not targeted. This appears to be due to their low on-chain liquidity. cbETH has several smaller pools distributed across protocols, and the main USDT pool (3pool on Curve) has been drained of most of its USDT due to the USDC panic over the weekend. After the attack, the hacker paid off their flash loans from Aave v2 and Balancer and swapped all seized assets to ETH and DAI. The swap from stETH to ETH was large enough to move Curve’s stETH pool liquidity composition by nearly 5%.