Euler Finance, a decentralized finance (DeFi) platform, was exploited on Monday, with the hacker stealing over $197 million, according to data from audit firm BlockSec.
BlockSec reported that the attacker made away with $18.4 million in Wrapped Bitcoin, $8.8 million in DAI, $34.2 million in USDC, and $135.9 million in staked Ethereum.
Euler Finance is a popular platform for lending and borrowing cryptocurrencies, letting users earn interest for providing liquidity to the protocol.
How Did the Hacker Execute the Exploit?
BlockSec is yet to find the root vulnerability. However, the firm has revealed that the hacker used seven different flash loans to execute the attack. In Crypto, a flash loan involves a user borrowing and returning the money in the same transaction.
Meanwhile, other blockchain analysis companies like Peckshield have suggested that Euler Finance’s ‘donate-to-reserves’ function in its smart contracts is the major vulnerability.
The crypto lender’s market data shows there is approximately $230 in the Wrapped Bitcoin lending market and about $210 in Circle’s USDC. Moreover, the data indicates that staked Ethereum and DAi have been drained completely.
According to data from DefI Llama, the total value locked of Euler Finance was roughly $237 million before the attack. However, as of Tuesday morning, the figure had plummeted to $10.36 million, representing a 95% drop.
The crypto lender didn’t respond to our request for comment but tweeted that it was aware of the exploit and the firm was working with law enforcement and security professionals. Euler Finance promised to release more information on the matter as soon as possible.
Euler Finance Native Token Reacts to the Exploit
Prior to the attack, the DeFi platform’s native token EUL was trading at $6.07, but over the past 24 hours, the token has had a sharp decline to change hands for $3.02% as of this writing, data on CoinMarketCap shows.
Attacks on DeFi protocols have been on the rise in recent months, with lending platforms not spared. Last November, a hacker named Avi Eisenberg attempted to execute an exploit on another crypto lender Aave but failed terribly. The same cybercriminal was involved in Mango Market’s attack, leaving the protocol counting over $110 million in losses.