Euler Finance’s DeFi protocol disabled the vulnerable EToken module, blocking deposits.
An update on our work today to recover funds for Euler protocol users.
Here are a few actions we took immediately:
1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function
2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023
The project team has already notified US and UK law enforcement agencies of the $196 million hack. In addition, Euler Finance turned to the blockchain analytics firms Chainalysis and TRM Labs to help investigate the incident.
Representatives of the project also contacted the hacker and offered him a reward for returning the stolen funds.
According to reports, the attacker exploited the flash loan mechanism by posting unsecured collateral. An error in the smart contract then allowed the hacker to liquidate the debt and withdraw the funds.
One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analyzed the attack in great detail. You can read their report here: https://t.co/u4Z2xdutwe
In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt… https://t.co/FGnPqvYUGB
— Euler Labs (@eulerfinance) March 14, 2023
According to Sherlock’s audit team, which previously worked with Euler, the vulnerability went undetected for 8 months. The company said that WatchPug, which conducted a protocol review in July 2022, did not find a critical error.
Likewise, Sherlock stands behind every auditor who reviewed Euler.
Sherlock initially worked with @cmichelio to audit the first version of Euler in Dec 2021, then with @shw9453 to audit a very small update in Jan 2022, and finally with @WatchPug_ to audit EIP-14 in July 2022.
— SHERLOCK (@sherlockdefi) March 13, 2023
Sherlock also helped the affected project file a $4.5 million lawsuit, which was approved on March 14. As a result, the company released $3.3 million to recover losses.
Recall that on March 10, Hedera Hashgraph announced that an undisclosed amount had been withdrawn as a result of a platform hack.