Hacker Steals $200 Million From Euler Finance
Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Thief Off-Ramps Some Funds to Tornado Cash; DeFi Firm Probes Incident Rashmi Ramesh (rashmiramesh_) • March 13, 2023 Image: Shutterstock
Hackers are draining millions of dollars from decentralized finance protocol Euler Finance in an ongoing attack. As of 10:45 a.m. UTC, the thieves had stolen digital assets worth nearly $200 million.
See Also: OnDemand | Navigating the Difficulties of Patching OT
Euler Finance said it is aware of the incident and is working with security professionals and law enforcement. “We will release further information as soon as we have it,” the company said.
The theft of crypto funds worth $197 million marks the largest exploit in 2023 so far.
The hack was the result of a flawed logic in the protocol’s donation and liquidation functions, PeckShield told Information Security Media Group.
The attack involved two hackers, who have begun to move about 100 ETH of the stolen funds to cryptomixer Tornado Cash, PeckShield said. The rest of the stolen crypto, Slow Mist added, remain in the attackers’ wallet.
Popular on-chain sleuth Zackxbt says one of the attackers is “almost certainly a black hat as they were exploiting some random protocol” called Fcdep weeks ago.
The company’s website shows that Certora, Halborn, Solidified, ZK Labs, Sherlock and bug bounty platform Immunefi have audited its smart contracts. It says it also contracted Pen Test Partners to conduct a penetration test of Euler’s web app. The security companies and Euler Finance did not immediately clarify if the exploited vulnerability had been included in the scope of work of these audits or not.