Euler Readies $1M Bounty on Crypto Hacker Who Stole $200M

DeFi lending protocol Euler has warned its hacker to return most of the stolen crypto or else face a $1 million bounty

article-image

Shutterstock.com/Peshkova, modified by Blockworks

share

Euler Finance intends to put out a $1 million bounty on the hacker who stole nearly $200 million from the DeFi platform earlier this week — unless they return nearly all of it.

“If 90% of the funds are not returned within 24 hours, tomorrow we will launch a [$1 million] reward for the information that leads to your arrest and the return of all funds,” Euler wrote in an on-chain message to the hacker.

The bounty message followed a separate on-chain note sent on Monday: “We understand that you are responsible for this morning’s attack on the Euler platform. We are writing to see whether you would be open to speaking with us about any potential next steps.”

Earlier on Monday, hacker(s) had executed what’s known as a flash loan attack. These involve rapidly borrowing and returning crypto within one block while exploiting a smart contract vulnerability to receive an unintended amount of crypto.

In Euler’s case, the attack saw around $197 million siphoned from its Ethereum-powered lending protocol — mostly wrapped staked ether along with smaller amounts of USDC, wrapped bitcoin, wrapped ether, DAI and lido staked ETH.

Independent researcher ZachXBT tweeted that he was certain the attack was conducted by malicious hackers, “as they were exploiting some random protocol on [Binance Smart Chain] a few weeks ago” with funds deposited to Tornado Cash.

Euler states on its website that it had partnered with six security firms, but it appears those protections weren’t enough.

The vulnerability lay within the “donateToReserve” function in the Euler Pool contracts, according to blockchain security firm CertiK.

This function is said to lack proper checks of the liquidity collateralization status, with the result being that users could willingly abandon a portion of the leveraged deposit, which would leave the pool insolvent.

“With assets borrowed from the flash loan, the attacker first created a highly leveraged insolvent position through the unique ‘mint’ function of the Euler lending protocol as well as the vulnerable ‘donateToReserves’ function within Euler’s pool contracts,” CertiK said. 

“The attacker then liquidates their position in the same transaction to gain a large amount of derivative eTokens before draining the pool through withdrawal. The attacker repeatedly calls the attacks on multiple Euler Pools to drain all of them.”


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template Presentation.jpg

Research

The Solana validator landscape has changed drastically over the past year. The chain now has 1,332 active validators with 380.9 million SOL staked (63.9% of supply) as of February 2025. Validator revenue had diversified beyond inflationary rewards (still making up 55%) to include Jito tips (30%), priority fees (24%), and base fees (<1%), in January, especially with the increased activity on Solana. Since then, issuance has become dominant again (76%), while Jito tips (14%), priority fees (9%), and base fees (less than 1%) have reduced in share of February 2025. There has been a strong shift towards non-inflationary revenue sources, which have become more central to validator economics as priority fees and off-chain blockspace auctions gain traction. Client diversity has also improved drastically, with implementations such as Agave, Jito-Solana, and Frankendancer already in use, and upcoming clients like Firedancer and Sig expected to further strengthen resilience and reduce reliance on a single codebase.

article-image

BWR analyst Carlos Gonzalez Campo explains the consequences of SOL inflation and transfers lost to “leaky buckets”

article-image

Empire co-host Santiago Santos makes the case that memecoins have actually helped push infra forward…just not in the way you think

article-image

A16z Crypto lists seven buckets for tokens and recommendations for how to regulate them, in a filing submitted to the SEC

article-image

New model aims to resolve trading inefficiencies with a single execution layer and market maker changes

article-image

Investors navigating BTC face short-term unpredictability, influence from other markets

article-image

The GENIUS Act aims to establish regulatory guidelines for stablecoins