After $196 million was stolen in a flash loan attack, Euler Finance convinced the hackers to return most of the funds. The outcome followed multiple rounds of back-and-forth over 23 days, culminating in the hackers doing "the right thing."
On March 13, Euler Finance hackers conducted multiple transactions that each drained millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (StETH), and wrapped Bitcoin (WBTC). As a result, Euler’s total value locked in its smart contracts dropped from over $311 million to $10.37 million. Ultimately, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn.finance, and Yield Protocol, froze or lost funds.
At 10:00 UTC, Balancer contributors became aware of the Euler exploit. They determined that the best course of action was to suspend bbeUSD (Euler Boosted USD) and all pools containing bbeUSD and place them in recovery mode. This was performed by the emergency subDAO at 11:00 UTC.
The next day, March 14, Euler took proactive steps to recover the funds, starting by disabling its vulnerable etoken module and donation functionality. Additionally, it worked with audit firms to analyze the root cause of the exploit. Meanwhile, Euler tried to contact the hackers to negotiate a bounty. On March 15, Euler issued an ultimatum to the hackers, demanding that they return 90% of the stolen funds and threatening to announce a $1 million reward for information that could lead to their arrest. The deal would have allowed the hackers to keep $19.6 million.
The hackers, meanwhile, started moving funds at will. One victim received 100 ether (ETH) after convincing the hackers that his life savings had been lost in the Euler hack. Days later, the hackers returned stolen funds in transfers of varying value.
Amid the confusion, Euler Labs CEO Michael Bentley revealed that ten independent audits over two years had found the protocol to be "no higher than low risk" with "no outstanding issues".
On March 21, Euler put a $1 million reward on the hacker after being ghosted during conversations aimed at sealing the deal. Beginning on March 25, the hackers returned the stolen assets in several large transfers. On April 4, 23 days after the hack, Euler Finance announced the possible recovery of all lost funds, thus ending the $1 million bounty. "Because the exploiters did the right thing and returned the funds, the Euler Foundation's $1 million bounty campaign will no longer accept new information," the protocol said.
In the final round of returns, the hacker sent 12 million DAI and 10,580 ETH across multiple transactions. The cryptocurrency community applauded Euler Finance's efforts to recover funds and restore investor confidence. Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator that improves bridge security by requiring multiple bridges to verify withdrawals. As Cointelegraph reported, over $2 billion was stolen from bridges in 2021 and 2022, mostly due to breaches and wallet attacks.


















