Decentralized finance (DeFi) platform Euler Finance has reportedly suffered an exploit of approximately $196.9 million, per audit platform BlockSec.
The attacker nabbed $8.7 million in the decentralized stablecoin DAI, $18.5 million in Wrapped Bitcoin (WBTC), a whopping $135.8 million in Staked Ethereum (stETH), and another $33.8 million in Circle’s USD stablecoin USDC.
Euler Finance is a borrowing and lending platform for cryptocurrencies, allowing users to earn interest for adding various assets to the protocol.
A BlockSec spokesperson told Decrypt that the root vulnerability is still unknown, but that the attacker used a series of six different flash loans to leverage the attack. A flash loan is a crypto-native loan in which a user borrows and returns funds in the same transaction.
Others reported that the “donateToReserves” function in the project’s smart contracts is the key vulnerability.
2/ The hack is made possible due to the flawed logic its donation and liquidation. Specifically, the donateToReserves needs to ensure the donator is still over-collateralized. And liquidation needs to ensure the *correct* conversion rate from borrow to collateral asset. pic.twitter.com/dsHUP1orRP