Euler Suffers $200M Exploit in Flash Loan Attack

Euler Finance, a DeFi lending and borrowing protocol has been exploited by almost $200 million in a flash loan attack.

Contents lost in the attack include $8.7 million in DAI, $18.5 million in WBTC, $135.8 million in stETH, and $33.8 million in USDC, information compiled by BlockSec shows. 

“We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it,” Euler Labs tweeted. 

Flash loan attacks have been common in DeFi — including some similarly large exploits such as Beanstalk’s loss of $182 million in April 2022.

In a traditional flash loan, traders are able to borrow cryptocurrencies without any collateral, but these assets must be returned within the same transaction.

Euler’s exploiter used a series of six different flash loans in the attack by tricking its smart contract into believing there were fewer collateral tokens than debt tokens.

According to blockchain security and data analytics company PeckShield, “The hack is made possible due to the flawed logic [in] its donation and liquidation.”

“Specifically, the donateToReserves needs to ensure the donator is still over-collateralized,” the company tweeted. “And liquidation needs to ensure the *correct* conversion rate from borrow to collateral asset.”

Following the exploit, the price of Euler’s native token (EUL) has dipped by over 55%. At the time of writing, it is currency trading at $2.75, according to CoinGecko.

---

Get the news in your inbox. Explore Blockworks newsletters:

• The Breakdown: Decoding crypto and the markets. Daily.
• 0xResearch: Alpha in your inbox. Think like an analyst.
• Empire: Crypto news and analysis to start your day.
• Forward Guidance: The intersection of crypto, macro and policy.
• The Drop: Apps, games, memes and more.
• Lightspeed: All things Solana.
• Supply Shock: Bitcoin, bitcoin, bitcoin.