Some malicious players hacked Euler Finance to steal $197 million funds in total. The hack was carried out in four different transactions for $177 million, with two more attacks that added to the concern. This was first reported by BlockSec, a blockchain security firm, and then corroborated by Arkham Intelligence.
Per the Google document shared by the firm, here is how Euler Finance was hacked:
- $8.76 million – DAI
- $18.5 million worth 849 wrapped BTC
- $33.85 million worth of USDC
- $135.8 million worth 85,817 staked Ethereum
A swift action by Euler Finance was able to stop the malicious players from causing any further damage. As of now, the core team behind the on-chain lending service is in talks with the security community and has informed relevant law enforcement agencies in the US and UK about the attack.
The value of the EUL token has taken a hit of 48% and dropped to $3.10 at the time of drafting this article.
Different protocols have reported being directly and indirectly affected by the $197 million Euler Finance exploit, which shows that the effect has spread even further. Angle Protocol is one of them, and it has informed the community of the 17.6 million USDC that was deposited on Euler. The Angle team has paused the protocol and set zero as the debt ceiling. Angle Protocol is currently keeping an eye on the situation, and soon more updates will be available.
Balancer also used Twitter to say that the contributors know about the exploit and have put their protocol on hold for now. The team is now in recovery mode for bbeUSD and pools that contain Euler-boosted USD. The action followed an emergency subDAO that was held at 11:00 UTC against the time of becoming aware of the situation, which was 10:00 UTC.
Yearn has said that it did not have any direct exposure to Euler Finance; however, some of the vaults had indirect exposure, amounting to $1.38 million, through the use of Idle and Angle across yvUSDC and yvUSDT. Bad debts have been announced to be covered under the Yearn Treasury with no impact on vaults or businesses. Both will operate as usual.
Alchemix also reported no direct exposure except for indirect exposure with yvUSDC and yvUSDT yearn vaults.
Sherlock came forward to assist Euler Finance in submitting a claim for $4.5 million, of which $3.3 million has been executed as of March 14, 2023. Inverse has also informed its community on Twitter that the DOLA Fed has incurred a loss of approximately $860,000, and the team is now working to recover the remaining funds. Losses incurred and reports by Inverse do not include a credit toward rewards.
The $197 million exploit at Euler Finance comes months after the venture led a $32 million funding round that saw the participation of FTX and Coinbase in 2022.