Crypto firm Euler Finance loses $200 million in loan scam

While the world of traditional banking was rocked by the closure of Silicon Valley Bank over the weekend, crypto appears to be faring no better with news that decentralised finance (DeFi) platform Euler Finance has lost almost $200 million in crypto-related scam.

DeFi is an emerging banking model for organising and enabling crypto currency-based transactions, exchanges and financial services. Its central premise is that there’s no centralised authority to dictate or control operations.

The as-yet undiscovered hacker or hackers were able to borrow a large amount of money from Euler and drain it from its DeFi protocol through a so-called flash loan.

In a traditional flash loan, traders are able to borrow cryptocurrencies without any collateral, but these assets must be returned within the same transaction.

Euler’s exploiter is thought to have used a series of six different flash loans in the attack by tricking its smart contract into believing there were fewer collateral tokens than debt tokens.

According to blockchain security and data analytics company PeckShield, just two hackers were involved in this attack, which the security firm attributed to “a flawed logic in Euler Finance’s donation and liquidation transactions”.

PeckShield alerted the DeFi lender about the attack through a tweet that read: “Hi @eulerfinance: you may want to take a look”, followed by a link detailing the exploitation.

Euler replied to the firm that it was aware of the scam and its team was “currently working with security professionals and law enforcement to resolve it”.

The breakdown of the stolen funds include $8.7 million worth of the decentralised stablecoin DAI, $34 million worth of USDC, $19 million WBTC (wrapped bitcoin), and $136 million worth of staked ETH (Ethereum).

Despite the large number of $197 million dollars reported as stolen from Euler, and the attack being the largest of 2023, the incident comes 26^th on a list of the largest crypto thefts ever.