Euler's $4M investment and extensive audits highlight the increasing prioritization of security in the evolving DeFi landscape.
The post Euler allocates $4M for security, conducts 29 code audits to safeguard v2 appeared first on Crypto Briefing.
Euler's $4M investment and extensive audits highlight the increasing prioritization of security in the evolving DeFi landscape.
The post Euler allocates $4M for security, conducts 29 code audits to safeguard v2 appeared first on Crypto Briefing.
The US Justice Department’s top crypto cop said that it was a “pretty significant issue” given the rise of North Korean “state-sponsored hackers.”
The United States Justice Department’s crypto enforcement team is cracking down on Decentralized Finance (DeFi) hackers and exploiters, amid a four-year rise in illicit crypto activity.
In a Financial Times report published on May 15, Eun Young Choi, director of the U.S. Department of Justice (DOJ) national cryptocurrency enforcement team (NCET), stated that the department is focusing on thefts and hacks involving DeFi and “particularly chain bridges.”
Choi said it was a “pretty significant issue” for the DOJ given North Korean “state-sponsored hackers” have emerged as “key actors in this space.”
North Korean hackers stole an estimated range of between $630 million to more than $1 billion of crypto assets in 2022, Cointelegraph reported in February.
The DOJ announced Choi – a prosecutor with nearly a decade of experience in the DOJ — as the first director of the NCET in February 2022.
At the time, a statement from the department explained that the NCET will serve as a “focal point” for the DoJ in tackling cryptocurrency, cybercrime, money laundering, and forfeiture.
Justice Department Announces First Director of National Cryptocurrency Enforcement Teamhttps://t.co/PvJ6iRDQ8P
— Justice Department (@TheJusticeDept) February 17, 2022
While the DOJ highlighted that “mixing and tumbling services” would be a particular focus for the agency, it did not specifically mention anything in regard to DeFi platforms at the time.
Choi, who also recently spoke at the Financial Times Crypto and Digital Assets Summit, reaffirmed that the DOJ is after crypto firms that either commit the crime or turn a blind eye to "obscure the trail of transactions." She noted:
“The DoJ is targeting companies that commit crimes themselves or allow them to happen, such as enabling money laundering.”
She explained that by going after the source, the platform itself, it will have a “multiplier effect” in terms of stopping “criminal actors to easily profit from their crimes.”
Choi further emphasized the “scale and the scope of digital assets being used in a variety of illicit ways” has grown significantly over the last four years.
Related: DeFi sees its biggest hack in 2023 as Euler loses $197M: Finance Redefined
DeFi platforms have experienced a string of attacks in recent times.
The biggest DeFi hack so far this year was reported on March 13, with Euler Finance facing a flash loan attack with over $196 million in DAI, USDC, staked Ether (StETH) and Wrapped Bitcoin (WBTC) stolen.
Meanwhile, in November 2022 DeFi trading platform Mango Markets saw an exploiter allegedly take advantage of their low liquidity to “drain funds.”
Essentially the hacker deposited $5 million of his own money into the platform to drive up the price of MNGO from $0.03 to $0.91 to increase their MNGO holdings to $423 million.
From there, the exploiter was able to acquire a loan for $116 million using several tokens on the platform, including Bitcoin (BTC), Solana (SOL) and Serum (SRM), as a result, the loan eliminated the entire liquidity of Mango Markets.
Three weeks after breaching the Ethereum (ETH)-based lending protocol Euler Finance, the hacker who siphoned nearly $200 million worth of crypto from the platform has returned the stolen assets. On March 13th, Euler fell victim to a flash loan attack and lost 96,833 Ethereum worth around $166 million at the time of the incident and […]
The post $200,000,000 in Stolen Crypto Recovered by DeFi Platform After Community-Led Investigation appeared first on The Daily Hodl.
Euler Labs CEO Michael Bentley stated he will “never forgive” the hacker as the exploit caused him to lose time with his newborn son.
Ten separate audits conducted over a two-year period of the Ethereum-based lending protocol Euler Finance deemed it to be “nothing higher than low risk” and having “no outstanding issues” prior to it suffering from a $196 million attack.
In a series of tweets on March 17 Euler Labs CEO, Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.
He retweeted one user sharing information that Euler had 10 audits from 6 different firms, and commented that the platform “has always been a security-minded project.”
Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023
Blockchain security firms including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica conducted smart contract audits on Euler Finance from May 2021 to September 2022.
Halborn ranked its risk assessment by measuring the “likelihood of a security incident” and the impact it may have, with the risk level ranging from very low and informational, to critical — Euler received “nothing higher than low risk.”
It was revealed in a Dec. 2022 summary of Halborn’s audit that it had found “an overall satisfactory result.”
The summary stated 23 smart contracts were “inspected and analyzed” by Halborn over a one-month period, of which only “two low risks and three informational” risks were identified.
Euler stated it had reviewed Halborn’s coverage and concluded the risks “pose no significant threats.”
Blockchain security firm Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, as well as how the swap mode was “handled by the codebase” — but stated in the report that these issues were “properly dealt” with by Euler, and “no outstanding issues” remained.
Related: Euler Finance blocks vulnerable module, working on recovering funds
On March 16 the protocol’s hacker began moving funds through crypto mixer Tornado Cash only hours after a $1 million bounty was launched by Euler for information leading to the hacker’s arrest.
In his recent Twitter thread Bentley said he’ll never “forgive the attacker” as he was forced to “sacrifice time” with his newborn son due to the attack but thanked security experts who are “working on leads” for the investigation.
Only 24 hours prior to the bounty, Euler issued a warning saying it would launch a one “that leads to your arrest and the return of all funds” if 90% wasn’t returned within 24 hours.
Before the move, the hacker apparently refunded at least one victim, leading to a slew of on-chain messages from other purported victims.
The hacker responsible for the $196 million attack on Euler Finance has begun moving funds into crypto mixer Tornado Cash, only hours after a $1 million bounty was launched to uncover the hacker's identity.
Blockchain analytics firm PeckShield tweeted on March 16 that the exploiter behind the flash loan attack on the Ethereum noncustodial lending protocol was “on the move.”
The exploiter transferred 1,000 Ether (ETH), approximately $1.65 million, through sanctioned crypto mixer Tornado Cash.
#PeckShieldAlert @eulerfinance exploiter on the move
— PeckShieldAlert (@PeckShieldAlert) March 16, 2023
~1,000 $ETH into Tornado Cash through intermediary address 0xc66d...c9ahttps://t.co/LAkY66YpoF pic.twitter.com/0XhQV1nbgn
It comes only hours after Euler Labs tweeted it's launching a $1 million reward for information leading “to the Euler protocol attacker’s arrest and the return of all funds.”
Just a day earlier, Euler sent an on-chain message to the exploiter's address on March 14 warning it would launch a bounty “that leads to your arrest and the return of all funds” if 90% wasn't returned within 24 hours.
The movement of the funds to the crypto mixer could indicate that the hacker is not being swayed by Euler's amnesty offer.
Peckshield noted that around 100 ETH, worth $165,202 at the time of writing, was sent to a wallet address that is likely owned by one of the victims. An on-chain message sent by the wallet address had earlier pleaded for the attacker for the return of their "life savings."
WOW!@eulerfinance Exploiter returned 100 $ETH to some guy who begged him for the money back as it was his life savingshttps://t.co/Gz9aCUZB0H pic.twitter.com/DhZBenqtuS
— Wazz (@WazzCrypto) March 16, 2023
This led to a slew of other victims sending messages to the address in hopes of also getting their funds returned.
Related: Euler attack causes locked tokens, losses in 11 DeFi protocols, including Balancer
One message stated they “are twenty-six families from jobless rural areas,” who lost “a million USDT in total,” adding their share of funds in the protocol was the “life-savings from our past decades of work in factories.”
Another apparent victim messaged the attacker congratulating them on the “big win” and said they invested funds into Euler they “desperately needed” for a house.
“My wife is going to kill me if we can’t afford our house [...] Is there anyway [sic] you can help me? I have no idea what to tell my wife,” they wrote.
According to on-chain data, the $196 million stolen from Euler consisted of Dai (DAI), USD Coin (USDC), staked ETH and wrapped Bitcoin (WBTC).
A hacker exploited the decentralized finance (DeFi) platform Euler Finance early Monday morning and stole around $200 million worth of crypto, according to the blockchain security firm SlowMist. Euler Finance, a non-custodial lending protocol built on Ethereum (ETH), acknowledged the hack on Monday, noting that it was working with law enforcement and independent auditors and […]
The post Nearly $200,000,000 Worth of Crypto Hacked From DeFi Platform Euler Finance appeared first on The Daily Hodl.