Decentralized lending platform Euler Finance was hit by a major attack with a loss of approximately $197 million.
Decentralized lending platform Euler Finance was hit by a major attack on Monday, March 13, resulting in the loss of approximately $197 million in cryptocurrencies from its platform. According to security firm BlockSec, the majority of the hacker’s loot — worth around $135 million — was denominated in staked Ether tokens (stETH), while the remainder was held in wrapped Bitcoin and stablecoins DAI and USDC.
The attack has almost wiped out Euler’s on-chain value, leaving only around $9.7 million locked on the platform, according to data from DeFiLlama. Euler Finance allows users to lend and borrow large amounts of cryptoassets through an automated service that does not require human intervention. The protocol’s EUL token fell more than 50% to a low of $2.88 after the attack was disclosed, according to pricing data from CoinGecko.
The hackers moved the funds from the protocol into two fresh wallets. One wallet holds 88,752 ETH and 34,186,225 DAI; the other holds over 8,877,507 DAI.
The hack was possible because of flawed logic in Euler Finance's donation and liquidation paths. Specifically, the donateToReserves function needed to verify that the donor was still over-collateralized after the donation, and the liquidation logic needed to apply the correct conversion rate from the borrowed asset to the collateral asset.
The root cause can be seen in the EulerContracts GitHub repository, in the flawed logic of the EToken.sol contract at line 359.
All of the attack transactions against Euler Finance exploit this flaw. The hacker first borrowed $30 million in DAI from Aave through a flash loan and deployed two contracts, a lending contract and a clearing contract. The deposit function was called to pledge $20 million of the borrowed DAI to the Euler protocol contract, receiving 19.5 million eDAI in return. The hacker then borrowed 195.6 million eDAI and 200 million dDAI from Euler Finance.
The repay function was then called to use the remaining $10 million DAI from the flash loan to pay down the debt and burn 10 million dDAI. The mint function was called again to borrow 195.6 million eDAI and 200 million dDAI. The donateToReserves function was then called to donate 10 times the repayment amount, sending 100 million eDAI to be used in the liquidation process, which returned 310 million dDAI and 250 million eDAI. Finally, the withdraw function was called to obtain $38.9 million DAI and repay the $30 million flash loan. The hacker made a profit of about $8.87 million in DAI from this transaction.
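As an added illustration, not Euler's code, the following toy Python model shows the post-action collateral health check that the article says the donation path lacked: an unchecked donation can leave the donor's account underwater, while the checked variant rejects it before touching reserves. The account fields, the collateral factor and the balances are assumptions made for the example.

```python
# Toy model of the donation path's missing health check (added example, not Euler's code).
# All names and numbers below are hypothetical.
from dataclasses import dataclass

COLLATERAL_FACTOR = 0.9  # assumption: collateral counts at 90% toward borrow capacity


@dataclass
class Account:
    etoken: float  # deposit balance (collateral units, eDAI-like)
    dtoken: float  # debt balance (dDAI-like)


class UnderCollateralized(Exception):
    pass


def health(acct: Account) -> float:
    """Risk-adjusted collateral divided by debt; >= 1.0 means the account is healthy."""
    if acct.dtoken == 0:
        return float("inf")
    return acct.etoken * COLLATERAL_FACTOR / acct.dtoken


def check_liquidity(acct: Account) -> None:
    """The invariant every balance-changing action should re-establish."""
    h = health(acct)
    if h < 1.0:
        raise UnderCollateralized(f"health {h:.3f} < 1.0")


def donate_to_reserves_unchecked(acct: Account, reserves: dict, amount: float) -> Account:
    """Flawed pattern: burns the donor's eTokens with no check on the resulting state."""
    if amount > acct.etoken:
        raise ValueError("insufficient balance")
    reserves["etoken"] = reserves.get("etoken", 0.0) + amount
    return Account(acct.etoken - amount, acct.dtoken)


def donate_to_reserves_checked(acct: Account, reserves: dict, amount: float) -> Account:
    """Hardened pattern: compute the post-donation state, verify it, only then commit."""
    if amount > acct.etoken:
        raise ValueError("insufficient balance")
    new_state = Account(acct.etoken - amount, acct.dtoken)
    check_liquidity(new_state)  # reject (revert) before reserves are modified
    reserves["etoken"] = reserves.get("etoken", 0.0) + amount
    return new_state
```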
Some of the proceeds from the attack are already being laundered through Tornado Cash, a US-sanctioned platform that enables users to obfuscate their transaction history, according to security companies PeckShield Inc and Elliptic.
This attack highlights the importance of secure coding practices and of checking that every state-changing function leaves accounts within the protocol's invariants when developing smart contracts. It also underscores the risks of decentralized finance platforms and the need for users to exercise caution when using such services.