Cyber Incident Victim: Euler Finance
Date:
Mar 2023
Location:
United Kingdom
Summary
Euler Finance suffered a flash loan attack in which approximately $197 million in several cryptocurrencies was stolen by exploiting flaws in the protocol's smart contract logic. The exploit chained a weakness in the protocol's donation function with a weakness in its liquidation mechanism, letting the attacker push a borrowing position deliberately underwater and then acquire its collateral at an artificially favourable rate during liquidation; the borrower and liquidator roles were executed from two coordinated addresses. Stolen funds were subsequently laundered through a sanctioned crypto mixer, and the platform's native token lost 44.2% of its value following the breach. Blockchain analysts attributed the incident to insufficient validation checks in Euler's code, present despite prior security audits, highlighting systemic risk in decentralized finance platforms.
Description
On March 12, 2023, Euler Finance, a decentralized lending protocol operated by UK-based Euler Labs, suffered a flash loan attack resulting in the theft of $197 million in digital assets. The attacker exploited vulnerabilities in Euler's smart contracts to manipulate the rate at which collateral changed hands during liquidation, all within the single transaction of a flash loan. The stolen assets comprised $8.75 million in DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH. Blockchain analytics firms traced the funds to an attacker-controlled Ethereum wallet and flagged it, which complicates moving or cashing out the assets through regulated venues. Despite this, the attacker began laundering proceeds through Tornado Cash, a sanctioned cryptocurrency mixing service. The attack chained two functions in Euler's code: the "donateToReserves" function let an account give away its collateral to the protocol reserves without verifying that the donor's position remained sufficiently collateralized afterwards, so a borrower could deliberately drive itself deep underwater; the liquidation logic then applied a discount that grew with how far underwater the position was, without validating that the resulting conversion rate between the assumed debt and the collateral received was sound. Together these flaws let the attacker artificially depress the effective conversion rate during liquidation, walk away with the collateral, and leave the remaining debt unbacked.
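The following is an added, simplified model of the attack path described above; it is illustrative code written for this page, not Euler's contract code. The collateral factor (95%), the maximum liquidation discount (20%), the pool's honest liquidity (40M), the attacker's capital (20M), and the use of a leveraged self-borrow ("mint") to inflate the position before donating are all assumptions of the model. Integer basis-point arithmetic is used to mirror how Solidity contracts avoid floating point. The flaw is modelled as a donation function that skips the account health check every other balance-reducing operation performs; the fix is the same check re-enabled, which makes the donation revert.

```python
# Added illustrative model of a "donate then self-liquidate" attack on a lending pool.
# Not Euler's code; all parameters below are assumed for the example.
from dataclasses import dataclass, field

BPS = 10_000
COLLATERAL_FACTOR_BPS = 9_500   # assumed: 1 unit of collateral backs 0.95 units of debt
MAX_DISCOUNT_BPS = 2_000        # assumed: liquidation discount is capped at 20 %


class Unhealthy(Exception):
    """Operation would leave an account undercollateralized (a Solidity revert)."""


@dataclass
class Account:
    collateral: int = 0   # eToken claim on the pool, in underlying units
    debt: int = 0         # dToken liability, in underlying units


def is_healthy(collateral: int, debt: int) -> bool:
    return collateral * COLLATERAL_FACTOR_BPS >= debt * BPS


def health_bps(a: Account) -> int:
    """Risk-adjusted collateral over debt; below 10_000 the account is liquidatable."""
    return 10 * BPS if a.debt == 0 else a.collateral * COLLATERAL_FACTOR_BPS // a.debt


@dataclass
class Pool:
    liquidity: int                        # underlying actually held by the pool
    check_donor_health: bool = False      # False reproduces the flawed behaviour
    reserves: int = 0
    accounts: dict = field(default_factory=dict)

    def acct(self, who: str) -> Account:
        return self.accounts.setdefault(who, Account())

    def deposit(self, who: str, amount: int) -> None:
        self.acct(who).collateral += amount
        self.liquidity += amount

    def mint(self, who: str, amount: int) -> None:
        """Self-borrow: mints equal collateral and debt; no underlying moves."""
        a = self.acct(who)
        if not is_healthy(a.collateral + amount, a.debt + amount):
            raise Unhealthy("mint would exceed collateral factor")
        a.collateral += amount
        a.debt += amount

    def donate_to_reserves(self, who: str, amount: int) -> None:
        a = self.acct(who)
        if amount > a.collateral:
            raise ValueError("insufficient balance")
        # The flaw: the donor's health is not re-checked after its collateral shrinks.
        if self.check_donor_health and not is_healthy(a.collateral - amount, a.debt):
            raise Unhealthy("donation would leave donor undercollateralized")
        a.collateral -= amount
        self.reserves += amount

    def liquidate(self, liquidator: str, violator: str) -> int:
        """Liquidator takes all of the violator's collateral, assuming debt at a discount."""
        v, liq = self.acct(violator), self.acct(liquidator)
        h = health_bps(v)
        if h >= BPS:
            raise ValueError("violator is healthy")
        discount = min(BPS - h, MAX_DISCOUNT_BPS)   # deeper underwater => bigger discount
        collateral_taken = v.collateral
        debt_assumed = min(v.debt, collateral_taken * (BPS - discount) // BPS)
        if not is_healthy(liq.collateral + collateral_taken, liq.debt + debt_assumed):
            raise Unhealthy("liquidator would be undercollateralized")
        v.collateral, v.debt = 0, v.debt - debt_assumed   # leftover debt is now unbacked
        liq.collateral += collateral_taken
        liq.debt += debt_assumed
        return discount

    def max_withdraw(self, who: str) -> int:
        a = self.acct(who)
        min_collateral = -(-a.debt * BPS // COLLATERAL_FACTOR_BPS)   # ceiling division
        return max(0, min(a.collateral - min_collateral, self.liquidity))

    def withdraw(self, who: str, amount: int) -> None:
        a = self.acct(who)
        if amount > self.liquidity or not is_healthy(a.collateral - amount, a.debt):
            raise Unhealthy("withdraw")
        a.collateral -= amount
        self.liquidity -= amount

    def bad_debt(self) -> int:
        return sum(max(0, a.debt - a.collateral) for a in self.accounts.values())


def run_attack(pool: Pool, capital: int = 20_000_000) -> int:
    """Borrower (violator) and liquidator roles driven from one script; returns net profit."""
    pool.deposit("violator", capital)
    pool.mint("violator", 380_000_000)        # max self-borrow at 95 %: 20M * 0.95 / 0.05
    # Donate just enough collateral that health drops to 0.80, which maxes the discount.
    pool.donate_to_reserves("violator", 80_000_000)
    pool.liquidate("liquidator", "violator")
    taken = pool.max_withdraw("liquidator")   # drain what health and pool liquidity allow
    pool.withdraw("liquidator", taken)
    return taken - capital                    # the capital (e.g. a flash loan) is repaid


def simulate(fixed: bool) -> dict:
    pool = Pool(liquidity=40_000_000, check_donor_health=fixed)   # 40M from honest depositors
    try:
        profit = run_attack(pool)
    except Unhealthy as e:
        return {"blocked": True, "reason": str(e), "profit": 0, "bad_debt": pool.bad_debt()}
    return {"blocked": False, "profit": profit, "bad_debt": pool.bad_debt(),
            "liquidity_left": pool.liquidity}


if __name__ == "__main__":
    print("vulnerable:", simulate(fixed=False))
    print("patched:   ", simulate(fixed=True))
```

With the assumed parameters the vulnerable pool lets the attacker walk away with about 30.5M on 20M of borrowed capital while 124M of debt is left unbacked and the honest depositors' 40M shrinks to under 10M; with the donor health check in place the donation reverts and no bad debt is created. The same shape applies to any lending pool in which some balance-reducing entry point skips the health check that deposits, borrows, and withdrawals all perform.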

The theft caused Euler's native EUL token to fall overnight from $6.56 to $3.37, reported as a 44.2% drop. Blockchain security firm PeckShield identified that the attack was carried out from two cooperating addresses, one acting as borrower and the other as liquidator, so that the protocol's flawed donation and liquidation logic could be exploited systematically. Euler Labs acknowledged the incident via Twitter, confirming engagement with security professionals and law enforcement, but provided no immediate technical details or recovery timeline. The attack exemplified a broader trend of DeFi protocols being targeted through smart contract vulnerabilities rather than centralized exchanges, with attackers favouring rapid exploitation of logical flaws over traditional attack vectors. It followed the $182 million flash loan attack on Beanstalk in April 2022, underscoring the recurring risk posed by insufficiently validated codebases, audited or not. The financial scale and operational disruption showed how a single vulnerability can destabilize a previously functional protocol, even one that has passed multiple security audits, by enabling near-instantaneous asset depletion.
