Crypto News

Euler Finance Blocks Vulnerable Module, Working on Recovering Funds

Euler Finance Blocks Vulnerable Module, Working on Recovering Funds

​​On March 13, the DeFi lending protocol Euler Finance was the target of a flash loan attack, which led to the largest cryptocurrency hack of 2023 so far. The attack cost the loan protocol around $197 million, and it also had an effect on more than 11 other DeFi protocols.

On March 14, Euler provided an update on the problem and informed its users that the susceptible etoken module had been disabled to prevent deposits as well as the vulnerable contribution feature.

The company claimed that they collaborate with different security teams to evaluate its protocol and that the susceptible code was examined and authorized during an external audit. The audit did not result in the discovery of the vulnerability. Despite a $1 million bug prize in place, the vulnerability was not exploited for eight months.

Sherlock, an audit company that has previously worked with Euler Finance, confirmed the source of the exploit and assisted Euler in making a claim. The $4.5 million claim was then put to a vote by the audit protocol, which it passed. On March 14, the $3.3 million settlement was then carried out.

An important contributing element to the exploit, according to the audit group’s analytical report, was a lack of a health check in the new function “donateToReserves,” which was included in EIP-14. The protocol emphasized that the attack was still technically feasible prior to EIP-14, nevertheless.

Sherlock pointed out that the WatchPug Euler audit from July 2022 missed the crucial flaw that ultimately resulted in the exploit in March 2023. In an effort to assist them with the inquiry and get the money back, Euler has also contacted top on-chain analytic and blockchain security companies including TRM Labs, Chainalysis, and the larger ETH security community.

In order to learn more about the incident and maybe work out a bounty to recover the stolen monies, Euler said that they are also attempting to get in touch with the attackers.

 

Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.