The 10 audits over the last 2 years concluded that Euler Finance had no issues and faced no threats prior to suffering a $196 million attack. The CEO of the Ethereum-based lending platform, Michael Bentley, took to Twitter and expressed how the exploit led to the hardest days of his life. Similarly, he shared a moment of gratitude towards the security experts working on the investigation. It was mentioned that Euler has always been a security-minded project. The entirety of the smart contracts of Euler Finance, including lines of codes were repeatedly audited.
A few words about recent events.
These have been the hardest days of my life and I’m absolutely devastated for everyone who’s been affected.
— Michael Bentley (@euler_mab) March 16, 2023
A total of six firms conducted 10 audits of Euler Finance from May 2021 to September 2022. The firms that conducted smart contract audits include Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica. Halborn ranked its risk assessment by measuring the possibility of a security incident, and the results it might impose. In a summary of Halborn’s audit, it was said that it was satisfied with the results.
The summary mentioned that a total of 23 smart contracts were analyzed over the time-frame of a month. Similarly, two low risks and three informational risks were identified. Furthermore, Omnisica highlighted a few incorrect paradigms in the swapper implementation of Euler Finance. At the same time, it also mentioned how the swap mode was handled by the codebase. Additionally, the report by the firm stated that Euler Finance took care of these issues, with no further issues remaining.
Euler Finance Offers a $1M Reward To Trace the Hacker
After the exploit, Euler Finance stated that it would offer a $1M reward to anyone who gave information about the hacker. In his tweet, Bentley stated he would not forgive the hacker as he had to sacrifice time with his newborn son. In on-chain messages sent from Euler’s deployer contracts, it was mentioned that the $1M reward would be launched if 90% of the stolen funds are not returned in 24 hours.
The attacker used a flash loan by tricking the protocol into believing that it held varying amounts of eTokens and dTokens. After the $200M exploit, the hacker has mixed 1,000 ETH through Tornado Cash. The hacker denied the bounty offer of $20M by Euler Finance. The hacker also sent 100 ETH back to a user who lost all their funds amid the exploit.
As long as the native token of Euler Finance is concerned, its decline has been evident for the second day. At the time of writing, Euler has witnessed a decline of 14.50% in the last 24 hours. The token is trading for $1.87 and has a market cap of $17.7 million.