Hacker Steals $200 Million From Euler FinanceThief Off-Ramps Some Funds to Tornado Cash; DeFi Firm Probes Incident
Hackers are draining millions of dollars from decentralized finance protocol Euler Finance in an ongoing attack. As of 10:45 a.m. UTC, the thieves had stolen digital assets worth nearly $200 million.
Euler Finance said it is aware of the incident and is working with security professionals and law enforcement. "We will release further information as soon as we have it," the company said.
The hack was the result of a flawed logic in the protocol's donation and liquidation functions, PeckShield told Information Security Media Group.
The attack involved two hackers, who have begun to move about 100 ETH of the stolen funds to cryptomixer Tornado Cash, PeckShield said. The rest of the stolen crypto, Slow Mist added, remain in the attackers' wallet.
Popular on-chain sleuth Zackxbt says one of the attackers is "almost certainly a black hat as they were exploiting some random protocol" called Fcdep weeks ago.
The company's website shows that Certora, Halborn, Solidified, ZK Labs, Sherlock and bug bounty platform Immunefi have audited its smart contracts. It says it also contracted Pen Test Partners to conduct a penetration test of Euler's web app. The security companies and Euler Finance did not immediately clarify if the exploited vulnerability had been included in the scope of work of these audits or not.