Researchers Investigating $197 million heist from Euler Finance

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Mar 14, 2023 07:41 am PST

In the most recent flash loan attack to strike the sector, hackers reportedly stole $197 million in cryptocurrencies from the decentralized finance (DeFi) platform Euler Finance. Euler Finance Labs did not answer requests for comment, but the attack was acknowledged on Monday morning. Law enforcement has been alerted about the event, according to a second statement that was issued in the afternoon.

“We are still looking into the fraudulent withdrawal of monies from the Euler Finance protocol this morning. The Euler Labs team has contacted law enforcement and shared information with them in an effort to try and recover the funds and figure out exactly what happened.” The company stated that it has also worked with independent third-party auditors and security companies.

“Recovering cash for Euler protocol users is our top priority, and we are working as hard as we can to make that happen.”

Flash loan attacks have been used against several platforms over the past two years. These attacks involve hackers borrowing money without posting collateral, buying a sizable amount of a cryptocurrency to inflate its price artificially, and then selling the coins before the loan is repaid, with the borrower keeping any profit.

According to researchers with the blockchain security firm CertiK, the hackers utilized six flash loan attacks to take the money.

They discovered two flaws in the Euler Finance platform that made it vulnerable to this kind of attack and let the hackers bankrupt the system. The roughly $200 million hack, according to CertiK, is more than double the sum lost in all cryptocurrency-related incidents put together so far this year.

In a flash loan attack in October, Mango Markets, a cryptocurrency trading platform, lost access to more than $100 million in cryptocurrencies. The FBI issued a warning last year about attackers' use of flash loan attacks in a number of incidents affecting crypto platforms worldwide.

The Record also received confirmation from security researchers at PeckShield and BlockSec that a study of blockchain transactions reveals the staggering quantity of cryptocurrency that has been stolen.

According to the research firms, a total of $135.8 million in Staked Ethereum (stETH), $33.8 million in USDC, $18.5 million in Wrapped Bitcoin (WBTC), and $8.7 million in the decentralized stablecoin DAI were taken. The hacker is thought to be holding the money at a number of addresses, as CertiK pointed out to The Record.

On its website, Euler Finance claimed to have employed six distinct security firms, including Certora, Halborn, Solidified, ZK Labs, Sherlock, Omniscia, and Pen Test Partners, to provide various audit and checking services.

What Can Companies Do To Stay Ahead?

The threat categories that affect financial services share the trait of preying on human weakness. Through more thorough training, insider threats and accidental data leaks can both be reduced.

Provide personnel with thorough security awareness training twice a year that goes beyond the fundamentals so they can recognize sophisticated threat techniques. Physical security, a wide range of social engineering techniques, signals of insider threat activity (along with anonymous reporting options), and advanced phishing techniques should all be included in training. The training program should include specially created modules that discuss how attackers target each segment within the organization.

Security and IT staff must receive focused, in-depth training on cloud systems. Managed security services that offer 24/7 monitoring and response capabilities are a fantastic method to enhance smaller IT operations, but larger enterprises generally employ them as well due to the increasingly specialized skill sets needed in today’s environments.

Security assessments and penetration testing that are undertaken with the proper level of rigor can reveal gaps and help prioritize investments in security.

Every industry has weaknesses, and they are all being attacked. Yet, due to the financial and data assets they oversee, financial services are suffering the most from attacks. Financial services businesses will be better able to withstand the cyber storm if they make sure that security investments are targeted in the appropriate places and that staff is trained.

Conclusion

In a persistent campaign, hackers are siphoning millions of dollars from the decentralized finance protocol Euler Finance. The biggest exploit in 2023 thus far occurred when $197 million worth of cryptocurrency was stolen. The thieves had taken over $200 million in digital assets as of 10:45 a.m. UTC. According to Euler Finance, it is aware of the issue and is coordinating with law enforcement and security experts. The business stated, “We will release additional information as soon as we obtain it.”

According to PeckShield, the incident involves two hackers who have started transferring around 100 ETH of the stolen money to the cryptocurrency mixer Tornado Cash. SlowMist noted that the attackers’ wallet still holds the remaining stolen cryptocurrency. According to renowned on-chain detective ZachXBT, one of the attackers is “almost probably a black hat,” because they were previously exploiting some random protocol called Fcdep.
