Euler Finance, a DeFi lending protocol, was hit by a flash mortgage assault on March 13, ensuing in the biggest cryptocurrency hack of 2023 to this point. The assault resulted in a lack of virtually $197 million, impacting over 11 different DeFi protocols. To dam deposits, Euler Finance disabled the weak etoken module and donation operate.
Euler Finance up to date its customers on March 14, notifying them of the disabled options and the scenario. The agency has been working with numerous safety teams to conduct audits of its protocol, and the weak code had been reviewed and permitted throughout an exterior audit. Nevertheless, the vulnerability continued on-chain for eight months earlier than it was exploited, regardless of a $1 million bug bounty.
Sherlock, an audit group that had beforehand collaborated with Euler Finance, verified the foundation reason behind the exploit and assisted Euler in submitting a declare. The audit protocol voted on the declare for $4.5 million, which was permitted, and a $3.3 million payout was later made on March 14.
In line with the audit report, the exploit’s primary trigger was a lacking well being test in the “donateToReserves” operate, which was a brand new addition in EIP-14. The protocol emphasised that the assault was nonetheless technically possible even earlier than EIP-14.
Sherlock additionally famous that the Euler audit carried out by WatchPug in July 2022 did not determine the important vulnerability that finally led to the assault in March 2023. To analyze and get well the funds, Euler has additionally contacted main on-chain analytic and blockchain safety companies corresponding to TRM Labs, Chainalysis, and the broader ETH safety group.
Euler Finance has acknowledged that it is usually trying to contact these accountable for the assault to be taught extra in regards to the difficulty and doubtlessly negotiate a bounty to get well the stolen funds. This incident highlights the significance of conducting common audits of DeFi protocols to determine vulnerabilities and forestall assaults. As DeFi continues to increase and appeal to extra customers, safety and reliability will turn out to be much more important to the trade’s success.