Euler Labs hacker returns 'all of the recoverable funds' — Timeline
After being robbed of $196 million in a flash loan attack, Euler Finance convinced its hacker within 25 days to return most of the funds. The outcome was a result of numerous to and fro, which eventually led the hacker to do “the right thing.”
On March 13, the Euler Finance hacker carried out multiple transactions, each draining millions of dollars in various tokens, including DAI (DAI), USD Coin (USDC), staked Ether (StETH) and wrapped Bitcoin (WBTC).
As a result, Euler’s total value locked inside its smart contracts has dropped from over $311 million to $10.37 million. Ultimately, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn Finance and Yield Protocol, either froze or lost funds.
At 10:00 UTC Balancer contributors became aware of an exploit on Euler. It was determined the best course of action was to pause and put into recovery mode bbeUSD (Euler Boosted USD) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.
The next day, March 14, Euler took proactive measures to recover funds, which involved disabling its vulnerable etoken module and donation function as the first course of action. In addition, it worked with auditing companies to analyze the root cause of the exploit.
One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here:https://t.co/u4Z2xdutweIn short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt…
Parallely, Euler tried contacting the hackers to negotiate a bounty. On March 15, the hacker received an ultimatum to return 90% of the stolen funds and threatened to announce a $1 million reward for information that
Read more on cointelegraph.com
