It is the heaviest attack on a DeFi platform so far this year. The Euler lending platform was hacked today, Monday. The maneuver known as the “flash loan attack” stole $197 million in crypto assets. The platform tries to limit the damage.
Flash loan attack plunders Euler
It only lasted seconds: according to on-chain security firm Peckshield, the attacker used a “flood of transactions on Ethereum” to withdraw cryptocurrencies from the protocol. According to BlockSec it deducted $136 million in staked ether (StETH), $34 million in USDC, $19 million in wrapped bitcoin (WBTC), and $8.7 million in DAI. Overall, the damage is said to currently amount to 197 million US dollars.
“We are aware of this and our team is currently working with security professionals and law enforcement. We will release more information as soon as we have it.” Euler Labs commented on the incident on Twitter.
Flash loans are lightning loans that are taken out and returned within one transaction – without having to deposit collateral. This makes it possible to juggle with large sums that can put the liquidity of protocols under pressure.
Flash loans are mainly used for arbitrage trading, where large profits can be made in a short period of time through price differences. In the past, however, they have gained notoriety primarily through hacks on DeFi services. For example, the attack on the DeFi platform “PancakeBunny” in May 2021, in which $200 million was stolen. The platforms Warp Finance, bZX, Balancer, Origin Protocol, Akropolis and Harvest Finance were also affected.