After twenty-three days that Euler Finance was drained of $196 million in a flash loan attack, the decentralized finance (DeFi) protocol has successfully recovered funds taken from the protocol after negotiations.
Following successful negotiations, all of the recoverable funds taken from the Euler protocol on March 13th have now been successfully returned by the exploiter.
— Euler Labs (@eulerfinance) April 3, 2023
While Euler Labs did not reveal the exact amount that was refunded by the hacker, it stated that the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information.
Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information.
Full details to follow tomorrow.
— Euler Labs (@eulerfinance) April 3, 2023
Recall that the Euler Finance hacker orchestrated a couple of transactions on March 13, which led to the draining of millions of dollars in various tokens comprising DAI, USD Coin, staked Ether (StETH), and wrapped Bitcoin (WBTC).
Euler Finance @eulerfinance is being attacked. It seems the attack continues and the total loss exceeds 190 million USD already. Will update the details later.
Check the first attack tx:https://t.co/KPF6zzfTUW https://t.co/PCb3CT803D pic.twitter.com/LZQTTMhLkh— MetaSleuth (@MetaSleuth) March 13, 2023
In light of the development, Euler’s total value locked inside its smart contracts dropped significantly from $311 million to $10.37 million.
Due to the unfortunate incident, more than 10 different decentralized finance (DeFi) protocols including Balancer, Yearn, finance and Yield farming Protocol either lost funds or paused transactions.
At 10:00 UTC Balancer contributors became aware of an exploit on Euler. It was determined the best course of action was to pause and put into recovery mode bbeUSD (Euler Boosted USD) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.
— Balancer (@Balancer) March 13, 2023
Meanwhile, Euler Finance took proactive steps on March 14 to recover stolen funds by disabling its vulnerable token module as well as the donation function.
In the same vein, it promptly entered into a partnership with auditing companies to identify the primary cause of the exploit.
The DeFi protocol also proposed a bounty to the hacker, stating that the hacker should return 90% of the stolen funds. Additionally, Euler Finance placed a $1 million reward for anyone that could provide information about the hacker.
Like Euler Finance, Like Allbridge
There are no mincing words that the recovery pattern between Euler Finance and Allbridge are similar.
On April 4, Allbridge protocol equally revealed that the hacker had returned $464,500 out of the $573K stolen funds. The remaining fund was given to the hacker as a bounty.
Update on the exploit
1/ Our team was contacted by the owner of https://t.co/EW1uxXBQpD.
1500 BNB was returned to our team. The remaining funds will be considered a white hat bounty to this person.
— Allbridge (@Allbridge_io) April 3, 2023
In the same vein, Euler Finance seems to have reached a truce with the hacker which led to the refund of the biggest part of the stolen funds.
While the recovery of stolen funds is a sign of relief to the affected teams and users, the increasing spate of bounty models should be discouraged in its entirety.
