UK-based cryptocurrency startup Euler Labs has recently been the victim of a significant cyber-attack, resulting in the theft of nearly $200 million from its decentralized finance (DeFi) lending protocol. The company offers a DeFi protocol on the Ethereum platform that allows users to lend and borrow a wide range of digital assets.
The attack, which took place yesterday, involved hackers exploiting a vulnerability in Euler Labs’ code, enabling them to steal approximately $199 million worth of various cryptocurrencies. The stolen funds included USDC ($34.1 million), Dai ($8.8 million), Wrapped Bitcoin ($18.9 million), and Staked Ether ($137.1 million), as reported by blockchain analysis firm Elliptic.
According to Elliptic, the attackers utilized a technique known as a “flash loan attack,” which involves taking out large, short-term uncollateralized crypto loans from a DeFi service to manipulate the market and other DeFi platforms in their favor. The stolen funds are currently being laundered through Tornado Cash, a decentralized mixer that has been flagged by the US government.
The funds used in the attack were traced back to a wallet holding Monero, a privacy-focused cryptocurrency. Despite Monero’s anonymity features, Elliptic’s investigation tools allowed it to track the stolen funds.
In response to the attack, Euler Labs took immediate action to contain the breach and enlisted the help of blockchain intelligence firms Chainalysis and TRM Labs, as well as the Ethereum security community, in an effort to recover the stolen funds. The company also cooperated with UK and US law enforcement agencies and even attempted to communicate with the attackers to explore potential options for resolution.
Euler Labs emphasized that auditors had previously reviewed and approved the vulnerable code in its lending protocol. However, the vulnerability went undetected during these audits and remained exploitable for eight months before being leveraged in the recent attack. Although the company offered a $1 million bug bounty program during that time, the vulnerability persisted.
This incident serves as a stark reminder of the ongoing challenges faced by DeFi platforms in ensuring the security and integrity of their protocols. As the crypto industry continues to evolve, it is essential for companies like Euler Labs to remain vigilant and proactive in addressing potential vulnerabilities to safeguard user funds and maintain trust within the community.