$197 Million in Cryptocurrency Stolen in Euler Finance Attack

On Sunday, a cryptocurrency flash loan attack on the lending platform Euler Finance resulted in the theft of $197 million in various digital assets by threat actors. The theft involved multiple tokens including $135.8 million in stETH, $33.85 million in USDC, $18.5 million in WBTC, and $8.75 million in DAI.

The ETH wallet used to store the stolen cryptocurrency is being tracked, making it difficult for the threat actor to move the funds around and convert them into a usable form.

Euler Finance Addresses the Attack

The start-up behind Euler Finance shared a brief statement via Twitter to explain the situation, saying that they have informed and are working with law enforcement agencies and security professionals. According to reports from Elliptic, the threat actors have already begun to launder the stolen cryptocurrency through the decentralized cryptocurrency mixer Tornado Crash.

As a result of the attack, the value of the Euler (EUL) toked already dropped by 48.9%, going from being worth $6.56 to $3.07 at the moment of writing.

Flash Loan Attacks Explained

Flash loan attacks take advantage of a flaw in a lending protocol to take out a sizable loan without having to pay it back to the service. In order to make a significant profit when the deal is finished, the attackers employ an exploit that enables them to control the price of a token or asset on the platform during the brief seconds that they retain the lent amount.

As reported by BleepingComputer, the hack of Euler was made possible due to a flawed logic in its donation and liquidation system. The liquidation system incorrectly verified the conversion rate from the loaned to the collateral asset, and the function “donateToReserves” failed to check that the attacker was donating an amount that was excessively collateralized.

euler finance flaweuler finance flaw

Euler Finance Flaw (Source: PeckShield)

The flaws allowed the attackers to manipulate the conversion rate and thus, profit from the liquidation process. According to PeckShield, the attack involved two threat actors, a borrower and a liquidator.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

图片[3]|$197 Million in Cryptocurrency Stolen in Euler Finance Attack|黑客技术网图片[4]|$197 Million in Cryptocurrency Stolen in Euler Finance Attack|黑客技术网If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.

Source: /kcatta-ecnanif-relue-ni-nelots-ycnerrucotpyrc-ni-noillim-791/golb/moc.ytirucesladmieh

© 版权声明
点赞10 分享
评论 抢沙发