Euler Finance opens redemptions after hacker returns funds

The Ethereum lending protocol was exploited in a $197 million flash loan attack in March.

On April 12, Ethereum-based noncustodial lending protocol Euler Finance announced that it would open redemptions after hackers returned the vast majority of assets stolen in a $197 million flash loan exploit last month.

Euler says it will repay all sub-account liabilities at the block the protocol was disabled on March 13. The on-chain price oracle, provided by either Uniswap or Chainlink, will determine the Ether (ETH) value of assets and liabilities. The company explained:

"Markets that have bad debt in excess of reserves (a few long-tail markets that suffered oracle attacks) will have the bad debt proportionally distributed amongst depositors in the market."

Euler has created a smart contract containing funds for all exploited addresses, with an embedded Merkle Tree. In order for redemptions to be processed, users' addresses need to pass the Merkle proof of validity and "an acceptance token that is individually computed for each account, and confirms that the account holder agrees with the terms and conditions."

Magazine: Should crypto projects ever negotiate with hackers? Probably

On April 4, the Euler Finance hacker returned nearly all recoverable funds following an ultimatum from project developers to either return 90% of stolen assets or face legal action. Following a brief lapse in communication, Euler launched a $1 million bounty for information leading to the whereabouts of the stolen funds and the hacker's identity, which prompted the latter to return assets. In addition, a user convinced the hacker that he had lost his life savings due to the exploit, which prompted the hacker to return 100 ETH to the individual, who subsequently donated 12 ETH to the Euler treasury.

Redemptions open at 2:00 UTC.

Check your redemption numbers:https://t.co/fAJr5Qdv1w

Check out the redemption plan: https://t.co/riAcyz8Wf0
— Euler Labs (@eulerfinance) April 12, 2023

A total of 95,556 ETH and 43 million DAI U.S. dollar stablecoin have been recovered, with the amount being higher than the initial exploited total due to the rising price action of Ether within the past month. Additionally, 1,100 units of the exploited Ether were labeled irrecoverable after the hacker sent the coins to cryptocurrency mixer Tornado Cash.

Euler Finance’s offer to hacker: Keep M or face the law

attack

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

euler just sent an on-chain message to the hacker pic.twitter.com/0wKIW51NjM
— 0xngmi (llamazip arc) (@0xngmi) March 14, 2023

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

Look over your shoulder for the rest of your life, or take a $20m deal. No brainer.

Although, they could easily be state actors and aren’t really worried about low levels feds. https://t.co/i5zUSDqFca
— drnick ️² (@DrNickA) March 15, 2023

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

An update on our work today to recover funds for Euler protocol users.

Here are a few actions we took immediately:

1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function

2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until bei exploited on March 13.

Euler Labs works with various security groups to perform audits of the Euler Finance protocol.

While the vulnerable code was reviewed and approved during an outside audit, the vulnerability was not discovered as part of the audit.

The vulnerability remained on-chain for eight… https://t.co/M3PYSOwHhL
— Euler Labs (@eulerfinance) March 14, 2023

Euler