After being robbed of $196 million in a flash loan attack, Euler Finance has convinced its hacker to return most of the funds. The outcome resulted from many back-and-forths over 23 days, eventually leading the hacker to do “the right thing.”

On March 13, the Euler Finance hacker carried out multiple transactions, each draining millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (StETH) and wrapped Bitcoin (WBTC).

Funds stolen from Euler Finance. Source: BlockSec

As a result, Euler’s total value locked inside its smart contracts dropped from over $311 million to $10.37 million. Ultimately, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn.finance and Yield Protocol, either froze or lost funds.

At 10:00 UTC Balancer contributors became aware of an exploit on Euler. It was determined the best course of action was to pause and put into recovery mode bbeUSD (Euler Boosted USD) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.

— Balancer (@Balancer) March 13, 2023

The next day, on March 14, Euler took proactive measures to recover funds, disabling its vulnerable etoken module and donation function as the first course of action. In addition, it worked with auditing companies to analyze the root cause of the exploit.

One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here: https://t.co/u4Z2xdutwe In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt…

— Euler Labs (@eulerfinance) March 14, 2023

At the same time, Euler tried contacting the hackers to negotiate a bounty. On March 15, Euler gave the hacker an ultimatum to return 90% of the stolen funds, threatening to announce a $1 million reward for information that could lead to the hacker’s arrest. This deal would allow the hacker to get away with $19.6 million.

The hacker, on the other hand, started moving funds at will. One victim received 100 Ether (ETH) after convincing the hacker that his life savings were lost in the Euler hack. Over several days, the hacker returned the stolen funds in transfers of varying value.

Amid the chaos, Euler Labs CEO Michael Bentley revealed that 10 separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.”

On March 21, Euler launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. Starting on March 25, the hacker began returning the stolen assets in large amounts on multiple occasions.

23 days after the hack, on April 4, Euler Finance announced the full possible recovery of the lost funds, thus ending the $1 million bounty. “Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information,” the protocol stated.

Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information. Full details to follow tomorrow.

— Euler Labs (@eulerfinance) April 3, 2023

In the final transactions, the hacker sent 12 million DAI and 10,580 ETH in multiple transactions. The crypto community applauded Euler Finance’s effort to recover funds and restore investors’ confidence.

Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.

As Cointelegraph reported, over $2 billion was stolen from bridges in 2021 and 2022, chiefly due to bugs and wallet attacks.

