On Saturday, the attacker of the Euler Finance, a popular lending platform returned a part of the stolen funds. According to a well-known on-chain sleuth ZachXBT, the attacker refunded 3,000 ETH, equivalent to $5.3 million out of about $197 million stolen from the network.
A renowned blockchain security firm, Peckshield also confirmed this development. The firm identified three transactions that were used by the attacker to send the funds. It is necessary to note that this development comes barely a few days after Euler Finance announced a $1 million reward for anyone willing to provide necessary information to tame the hacker. In the same vein, the protocol also asked the attacker to have a change of heart by refunding at least 90% of the stolen funds or risk possible jail term. Shortly after this announcement dominated the airspace, the attacker started moving the stolen funds to Tornado cash.
Side Notes on the attack on Euler Finance
Recall that Euler Finance suffered the exploitation last Monday. The alarm was first raised by Certik, a blockchain security firm. In its report, Certik claimed the lending protocol lost 8.87 million $DAI, 34 million $USDC and about 85.8k $stETH to the attack. This thus amounts to a total of $197 million in worth. ZachXBT also gave its report about the exploitation. The on-chain sleuth identified black hats as the brain behind the exploitation. According to ZachXBT, the nature of the attack and the way in which the funds were siphoned was very similar to the attack inflicted on a BSC-based platform last month. Worthy of note that black hats allegedly carried out the attack on the BSC-based platform. As reported, the identified attacker also transferred the funds from the network to Tornado Cash.
But, this attack on Euler Finance raises questions about the efficiency of the Sherlock security mechanism running on the protocol’s network. Recall that the Euler Finance had earlier partnered Sherlock, a risk management protocol to advance the security of its network. As part of the terms of the partnership, Sherlock carried out an audit on the smart contracts of the platform. Now, the Monday attack proves the protocol still has a lot of work to do in securing its network.
Rising exploitations in the crypto sphere
Regrettably, crypto exploitations have been on the rise since the beginning of the year. Just a few weeks ago, Hedera, an open-source protocol suffered an exploitation on its Smart Contract Service Code. Reportedly, the attack led to the loss from its liquidity pool tokens. More so, LaunchZone, a non-custodial crypto firm endured the same fate on the BNB chain. The exploitation led to the loss of over $700,000 loss of assets. But certainly, the attack on Euler Finance is still the biggest exploitation that have greeted a DeFi project in 2023.