On March 15, Euler Finance, a lending protocol, suffered a $200 million hack. The hacker, who has yet to be identified, refused Euler Finance’s offer of a $20 million reward if they returned the stolen funds. Instead, the hacker mixed 1,000 ETH (worth $1.65 million) through Tornado Cash, making it almost impossible to track the IRL. However, the hacker did send 100 ETH to one of the victims who pleaded for their money back.
The attack originated from a vulnerability in the protocol’s donation mechanism that allowed the hacker to create an over-leveraged position that, when liquidated in the same block, artificially caused it to sink, keeping $200 million divided into DAI, USDC, WBTC, and ETH. This vulnerability was introduced in the last protocol update and was never analyzed.
At this point, it is unknown if the hacker intends to return the remaining ether to the protocol to avoid being hunted by white hackers, blockchain traceability companies, and even law enforcement. Euler Finance is now offering a reward of $1 million to anyone who provides information that leads to the capture of the hacker. It remains to be seen if the hacker will accept this offer or if they will remain anonymous.