Euler Finance, a credit protocol in the decentralized finance space (DeFi), which has witnessed several fund losses through network exploitation, has been the victim of the biggest exploit so far in 2023.
Recently, the board Meta Sleuth, a crypto analytics company, has broken up reported attack on Euler Finance. The company noted that the lending platform lost tokens worth more than $190 million, including 43.6M DAI and 96,800 ETH tokens.
Furthermore, the attack on the DeFi credit platform affected several DeFi protocols, including Balancer. The exploit resulted in a loss of more than 65% of the TVL Balancer before reacting when the pool was paused.
Euler Finance Block Module Vulnerable
According to a post on the official Twitter page of Euler Labs, the protocol has taken some critical actions to fix the problem. Stop direct attacks on the platform by disabling vulnerable etoken modules. Therefore, deposits are blocked as well as vulnerable donation functions.
The protocol also provides a link to the analysis how hackers can exploit these networksthereby stealing user funds. Euler Finance reported that the software vulnerability had existed for eight months until the hackers exploited it.
Motion To Recover Stolen Funds
The Euler Finance team is reportedly working with security companies and authorities to address the situation. This includes Chainalysis, TRM Labs, and the broader ETH security community. In addition, the protocol notifies US and UK law enforcement agencies to assist and stop cyber thieves.
Furthermore, Euler’s team made a move to reach out to the exploiters of the platform. First, it will help to understand more about the vulnerability issue. Also, it will create an opportunity to negotiate a reward to facilitate the recovery of stolen funds.
In this section, Sherlock, audit firm and Euler Finance partner, investigated because it can be exploited on the platform. According to the report, the audit firm found that missing health checks on ‘donateToReserves’ were the main factor behind the exploit.
This is a new function in EIP-14, but Sherlock believes that the attack will go beyond EIP-14 in terms of lending protocols.
After verifying the cause of the exploit, Sherlock helped Euler Finance submit a $4.5 million claim. In addition, it conducted a vote on the claim, which passed and has paid about $3.3 million since March 13.
Furthermore, Sherlock revealed that Watchpug audited Euler’s EIP-14 in July 2022. However, the group failed to detect the critical vulnerability that led to the exploit in March 2023.
Software vulnerabilities remain one of the main routes of attack and loss of funds in the crypto space. While developers are trying to prevent this horrible activity by identifying and patching these vulnerabilities, hackers are constantly looking to stay ahead of the security team.
Featured images from Pixabay and charts from Tradingview.com