Euler Labs hacker returns ‘all of the recoverable funds’ — Timeline

After being robbed of $196 million in a flash loan attack, Euler Finance has convinced its hacker to return most of the funds. The outcome resulted from numerous back-and-forths over 23 days, eventually leading the hacker to do “the right thing.”

On March 13, the Euler Finance hacker carried out multiple transactions, each draining millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (StETH) and wrapped Bitcoin (WBTC).

As a result, Euler’s total value locked inside its smart contracts has dropped from over $311 million to $10.37 million. Ultimately, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn.finance and Yield Protocol, either froze or lost funds.

At 10:00 UTC Balancer contributors became aware of an exploit on Euler. It was determined the best course of action was to pause and put into recovery mode bbeUSD (Euler Boosted USD) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.

— Balancer (@Balancer) March 13, 2023

The next day, on March 14, Euler took proactive measures to recover funds, disabling its vulnerable etoken module and donation function as the first course of action. In addition, it worked with auditing companies to analyze the root cause of the exploit.

One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here:https://t.co/u4Z2xdutwe

In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt…

— Euler Labs (@eulerfinance) March 14, 2023

At the same time, Euler tried contacting the hackers to negotiate a bounty. On March 15, Euler gave the hacker an ultimatum to return 90% of the stolen funds, threatening to announce a $1 million reward for information that could lead to the hacker’s arrest. This deal would allow the hacker to get away with $19.6 million.

The hacker, on the other hand, started moving funds at will. One victim received 100 Ether (ETH) after convincing the hacker that his life savings were lost in the Euler hack. Over several days, the hacker returned the stolen funds, each varying in value.

Amid the chaos, Euler Labs CEO Michael Bentley revealed that ten separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.”

On March 21, Euler launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. Starting on March 25, the hacker started returning the stolen assets in large numbers on multiple occasions.

23 days after the hack, on April 4, Euler Finance announced the total possible recovery of the lost funds, thus ending the $1 million bounty. “Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information,” the protocol stated.

Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information.

Full details to follow tomorrow.

— Euler Labs (@eulerfinance) April 3, 2023

In the final transactions, the hacker sent 12 million DAI and 10,580 ETH in multiple transactions. The crypto community applauded Euler Finance’s effort to recover funds and restore investors’ confidence.

Related: Allbridge offers bounty to exploiter who stole $573K in flash loan attack

Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.

As Cointelegraph reported, over $2 billion was stolen from bridges in 2021 and 2022, mainly due to bugs and wallet attacks.

Magazine: Huawei NFTs, Toyota’s hackathon, North Korea vs. Blockchain: Asia Express