On April 12, Euler Finance, an ethereum-based non-custodial lending protocol, announced that it would open for redemptions after hackers returned the vast majority of assets stolen in last month’s $197 million flash loan breach.
Euler said it will repay all subaccount liabilities on March 13, the block when the protocol was disabled. On-chain price oracles provided by Uniswap or Chainlink will determine Ether. The value of assets and liabilities. The company explained: “Markets where bad debts exceed reserves (some long-tail markets that suffer from oracle attacks) will distribute bad debts proportionally among market depositors.”
Euler created a smart contract that contained funds from all exploited addresses, with an embedded Merkle tree. In order to process a redemption, the user's address needs to pass a Merkle proof of validity and "an acceptance token calculated individually for each account and confirming that the account holder agrees to the terms and conditions." On April 4, Euler Finance hackers returned almost all recoverable funds following an ultimatum from the project’s developers, either returning 90% of the stolen assets or facing legal action. After a brief miscommunication, Euler offered a $1 million reward for information on the whereabouts of the stolen funds and the identity of the hackers, prompting the latter to return the assets. Additionally, a user led the hacker to believe he had lost his life savings due to the bug, prompting the hacker to return 100 ETH to the individual, who then donated 12 ETH to the Euler treasury.
A total of 95,556 ETH and 43 million DAI has been withdrawn, due to the price increase of ether in the past month, the amount is higher than the original mined amount. Additionally, 1,100 ETH was marked as unrecoverable after hackers sent the coins to cryptocurrency mixer Tornado Cash.
