On March 13, 2023, Euler Finance, an Ethereum-based non-custodial lending protocol, became the victim of a quick lending attack. The attacker managed to steal millions in various cryptocurrencies, including Dai, USD Coin, Staked Ether, and Wrapped Bitcoin. According to the chain’s data, the exploiter carried out multiple transactions and stole nearly $196 million, making it the biggest hack of the year.
The breakdown of the stolen funds is as follows: $87 million in Dai, $51 million in USDC, $40 million in stETH, and $17 million in WBTC. Euler Finance has yet to make an official statement on the attack and it is unclear whether the stolen funds will be recovered.
Cryptanalysis firm Meta Seluth stated that the attack is related to a deflation attack that occurred a month ago. The attacker used a multi-chain bridge to transfer the funds from Binance Smart Chain (BSC) to Ethereum and launched the attack today. ZachXBT, another prominent on-chain detective, reiterated the same, saying that the movement of funds and the nature of the attack appear quite similar to the black hats exploiting a BSC-based protocol last month.
The attack on Euler Finance highlights the risks associated with flash loans, which are unsecured loans that allow merchants to borrow large amounts of capital without putting up any assets as collateral. Flash loans have become increasingly popular in the DeFi space and have been used in several high-profile attacks, including the $600 million Poly Network hack in August 2021.
Flash lending attacks are a growing concern for the DeFi ecosystem, and several projects have taken steps to mitigate the risks associated with flash lending. For example, Aave, a popular DeFi lending platform, has implemented a cool-down period for flash loans, requiring borrowers to wait a period before applying for another loan. Similarly, Compound Finance has implemented a fee on quick loans to deter attackers.
Euler Finance is just the latest DeFi project to fall victim to a quick lending attack, highlighting the need for better security measures in the DeFi ecosystem. As the DeFi space continues to grow, it is essential to implement strong security measures to protect user funds and prevent attacks like these in the future.