Euler Finance, a lending protocol in the decentralized finance (DeFi) space, which has witnessed several losses of funds through network exploits, has fallen victim to the largest exploit so far in 2023.
Recently, the space Meta Sleuth, a crypto analytics company, recently reported the attacks on Euler Finance. The firm noted that the lending platform lost tokens worth over $190 million, which include 43.6M DAI and 96,800 ETH tokens.
Further, the DeFi lending platform attack affected some DeFi protocols, including Balancer. The exploit led to the loss of more than 65% of the Balancer’s TVL before its reaction in pausing the pool.
Euler Finance Blocks Vulnerable Module
According to a post on Euler Labs’ official Twitter page, the protocol has taken some critical actions to fix the issue. It stopped the direct attack on the platform by disabling the vulnerable etoken module. Hence, it blocked deposits as well as the vulnerable donation function.
The protocol has also provided a link to an analysis of how the hackers could exploit the network, thereby stealing users’ funds. Euler Finance reported that the software vulnerability had been on-chain for eight months until hackers’ exploitation.
Moves To Recover Stolen Funds
The Euler Finance team is reportedly working with security firms and authorities to remedy the situation. These include Chainalysis, TRM Labs, and the broader ETH security community. Also, the protocol notified the US and UK law enforcement agencies to assist it in tracking and stopping the cyber thieves.
Furthermore, the Euler team is making moves to reach the exploiters of the platform. First, this will help it to discover more regarding the vulnerability issues. Also, it will create the opportunity for a bounty negotiation to facilitate the recovery of the stolen funds. Â
On its part, Sherlock, an audit firm and partner of Euler Finance, investigated the possible cause of the exploit on the platform. According to its report, the audit company discovered that a missing health check in ‘donateToReserves’ was the primary factor that triggered the exploit.
This is a new function in EIP-14, but Sherlock believes the attack would have scaled through even before the EIP-14 on the lending protocol.
After verifying the exploit’s root cause, Sherlock helped Euler Finance submit a claim for $4.5 million. Also, it conducted a vote on the claim, which passed and has executed the payout of about $3.3 million as of March 13. Â
Further, Sherlock pointed out that Watchpug audited Euler’s EIP-14 in July 2022. However, the group failed to detect the critical vulnerability that caused the exploit this March 2023.
Software vulnerabilities remain one of the major routes of attacks and loss of funds in the crypto space. While developers try to prevent these hideous activities by identifying and patching these vulnerabilities, hackers keep searching for them to stay a step ahead of security teams.
Featured image from Pixabay and chart from Tradingview.com
