Euler Finance Hack 2023 — $197M Exploit Analysis

Flash loan attack exploiting a flawed donation function in Euler's lending protocol allowed theft of ~$197M.

Details

Full Description

The attacker exploited a flaw in Euler's donateToReserves() function combined with a liquidation mechanism. Using a flash loan, they created a large unhealthy position, then donated collateral to reserves without burning debt tokens, triggering a liquidation that allowed stealing the remainder. The attack was executed in a single transaction.

Laundering Analysis

Attacker initially moved funds to Tornado Cash. Then, in an unusual turn, began returning funds after the Euler team posted an on-chain message offering a $1M bounty. By April 4, 2023, the attacker returned all $197M, possibly fearing identification. Ethereum address linked to a possible white-hat or remorseful hacker.

Sources

Transaction Hashes

Related Hacks

Back to Browse