Euler Finance, a lending protocol firm, suffered a cryptocurrency flash loan attack earlier this week. Reports revealed that the threat actors had stolen nearly $200 million of digital assets. The crypto theft involved multiple tokens, such as DAT, WBTC, USDC, and stETH.
Fortunately, authorities are currently tracking the attacker’s ETH wallet for storing the stolen funds. Hence, the attackers will have difficulty moving the stolen funds and converting them into usable funds.
Other researchers believe the threat actors are laundering the snatched goods through a sanctioned crypto mixer called Tornado Cash.
Euler Finance clarified that they would release more details once they are ready.
The United Kingdom-based Euler Finance posted a statement on Twitter stating that they are cooperating with security professionals and relevant authorities to release additional information about the incident.
Unfortunately, the crypto flash loan attack caused Euler’s value to drop by approximately 44.2% after the incident. Researchers explained that flash loan attacks usually abuse vulnerabilities in a lending protocol to borrow large amounts of funds without having to return their value to the service.
In addition, the attackers utilise an exploit that enables them to alter the price of a token on the platform during the moment that they hold the lent amount. They could earn a massive profit once a trade is successful.
A blockchain security analyst reported that the hack of Euler became prosperous due to the vulnerable logic in its liquidation and donation protocol. The ‘donateToReserves’ function within the Euler did not verify that the threat actors were not donating an over-collateralised amount.
Furthermore, the liquidation system did not correctly verify the conversion rate from the lent to the collateral asset.
These vulnerabilities enabled the perpetrators to alter the conversion rate to profit from liquidation. A separate researcher believed that the attack involved a couple of hackers. One hacker is a borrower, and the other is a liquidator.
The attack became massive since it derailed the crypto entity overnight and inflicted huge damage that bypassed security solutions.
