On March 13, a flash loan attack on the Ethereum-based noncustodial lending protocol Euler finance resulted in an estimated loss of $196 million worth of Dai (DAI), staked Ether (StETH), and wrapped Bitcoin (WBTC). However, this marks the biggest hack of 2023 to date. Furthermore, data from on-chain sources indicates that the attacker carried out multiple transactions.
Meta Seluth, a crypto analytics firm, also reported that today’s attack is correlated with the deflation attack one month ago. The attacker used a multichain bridge to transfer funds from the BNB Smart Chain (BSC) to Ethereum and launch the attack.
The stolen funds are currently in these hacker addresses:
- 0xebc29199c817dc47ba12e3f86102564d640cbf99 (Contract) – 8,877,507.4 DAI
- 0xb2698c2d99ad2c302a95a8db26b08d17a77cedd4 – 8,080.97 ETH
- 0xb66cd966670d962c227b3eaba30a872dbfb995db – 88,752.69 ETH & 34,186,225.91 DAI
It is essential to know that Euler Finance has confirmed the exploit and is cooperating with security experts and law enforcement to address the issue. They are taking all necessary steps to rectify the situation swiftly.
ZachXBT, a well-known on-chain investigator, noticed similarities between the current attack and one on BSC last month. After exploiting the protocol, the hackers moved their funds through Tornado Cash, a crypto mixer. Last year Euler Finance raised $32 million in an investment round with participation from major firms like FTX, Coinbase, Jump, Jane Street, and Uniswap. The platform has become increasingly popular for its liquidity staking derivatives (LSDs) services.
LSDs are a new type of token that allows stakers to increase potential returns by unlocking liquidity for staked cryptocurrency, such as Ether ETH. LSDs comprise about 20% of the total value locked in centralized finance protocols.