The Euler Finance hackers stole \~$200M.
They then returned \~$100 million.
Isn’t crypto fun?
We have heard a lot of cases where hackers returned stolen funds (partially or the entire amount).
There are a few reasons why—I’ll give you two.
It’s difficult to offload stolen crypto funds.
It’s not impossible, but a lot of the time the word gets out and the hackers can’t access any exchange that will let them park their cash.
CEXs can easily block the coins, while in the case of DEXs, it’s a little difficult—but DAOs can vote to freeze or confiscate certain wallet addresses.
That’s why hackers use mixers like Tornado Cash to make their crypto untraceable.
Once it’s through the mixer, the money is as good as gone.
The second reason is teaching someone a painful lesson.
You see, hackers are really smart people.
They are often smarter than the actual developers.
So when they see a flaw or a loophole in the smart contract, they might want to teach the devs a lesson.
And also get a sizeable bounty and a Good Samaritan reputation in the community.
That’s why they would exploit a protocol to send a message and then negotiate an exit strategy.
After all, it’s the project’s fault for not having a secure system.
In the case of Euler Finance, I am not sure what’s the case yet.
People were speculating it was the Lazarus group from North Korea that was behind the hack.
But personally, I don’t think so.
The hackers contacted Euler through a blockchain messaging system saying, “We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.”
It seems like the two parties have reached some sort of common ground.
Let’s see how the situation evolves.
Personally, I am frustrated seeing so many Flash Loan attacks crippling the DeFi ecosystem.
Don’t we have smart enough people to spot the myriads of possible loopholes that can cause these flash loan attacks?
I believe we need an Ethereum-verified flash loan standard that DeFi projects need to follow.
Give me your thoughts on this.
1 thought on “Hacker returns 58K Eth to Euler Finance”
Small correction – hacks are often labeled as “flash loan attacks” or “flash loan exploits” but the Euler hack would have still been possible if flash loans didn’t exist. The same holds for almost all flash loan exploits, the flash loans are not the reason why these exploits are possible.
The issue was a critical bug in a recently added function (9m ago) of the Euler code, that wasn’t noticed by their last auditor ([Sherlock](https://www.sherlock.xyz/)). Euler’s previous 5 auditors had all looked at a version of the code that did not have the vulnerability.