Euler Crypto Lender Suffers $200m Hack

PeckShield, a security company based in China, alerted British crypto lender Euler on Twitter about a possible hack. It posted transaction details indicating that the hack resulted in a loss of $197 million.

PeckShield suggested that the hackers took advantage of a vulnerability in Euler's system. Euler acknowledged the situation and stated it was working with security experts and law enforcement. The lender also promised to provide more information as soon as it becomes available.

Crypto critic Molly White, who documents hacks and scams on her blog ‘Web3 is Going Just Great’, stated that the hack on Euler was the most significant this year.

White ranked it as the eighth largest theft on the all-time list, although it pales compared to some of the crypto industry's most massive scams, reaching billions of dollars.

At the beginning of last year, the crypto sector was on an upward trajectory, with the market for digital tokens and cryptocurrencies valued at hundreds of millions of dollars.

Crypto companies were aggressively marketing themselves through TV commercials, sports team sponsorships, and promoting their technology as revolutionary, as they aimed to attract new investors from the general public.

Euler crypto falls victim to malicious hackers leveraging flash loans

According to a detailed analysis conducted by the blockchain security firm Slowmist, the recent attack on Euler crypto lender involved the use of flash loans by the attacker. The funds were deposited and leveraged twice to trigger liquidation, after which the attacker sent the funds to the reserved address as well conducting a self-liquidation to collect any remaining assets.

The attack's success was attributed to two factors:

• Funds were sent to the reserved address without undergoing a liquidity check, resulting in soft liquidation.

• The soft liquidation logic was activated by the high leverage, which allowed the liquidator to transfer only a fraction of the liabilities to themselves while obtaining most of the collateral funds from the liquidated user's account.

Gustavo Gonzalez, a solutions developer at the blockchain security firm OpenZeppelin, informed Cointelegraph that the entire incident occurred in a single transaction per pool, utilizing flash loans from AAVE.