Flash loan attack exploiting a flawed donation function in Euler's lending protocol allowed theft of ~$197M.
The attacker exploited a flaw in Euler's donateToReserves() function combined with a liquidation mechanism. Using a flash loan, they created a large unhealthy position, then donated collateral to reserves without burning debt tokens, triggering a liquidation that allowed stealing the remainder. The attack was executed in a single transaction.
Attacker initially moved funds to Tornado Cash. Then, in an unusual turn, began returning funds after the Euler team posted an on-chain message offering a $1M bounty. By April 4, 2023, the attacker returned all $197M, possibly fearing identification. Ethereum address linked to a possible white-hat or remorseful hacker.
0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d