Euler Labs Hacker Returns All Recoverable Funds: A Comprehensive Timeline

Euler Labs Hacker Returns All Recoverable Funds: A Comprehensive Timeline

Euler Finance, a decentralized finance (DeFi) protocol, was robbed of $196 million in a flash loan attack. However, after 23 days of negotiations and efforts, Euler Finance managed to convince the hacker to return most of the funds. Here is a comprehensive timeline of events that led to the recovery of the lost funds:

March 13: The Hack

The Euler Finance hacker carried out multiple transactions, each draining millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (StETH), and wrapped Bitcoin (WBTC). Consequently, Euler’s total value locked inside its smart contracts dropped from over $311 million to $10.37 million. Eleven different DeFi protocols, including Balancer, Yearn.finance, and Yield Protocol, either froze or lost funds.

March 14: Recovery Measures

Euler took proactive measures to recover funds by disabling its vulnerable etoken module and donation function. It also worked with auditing companies to analyze the root cause of the exploit.

March 15: The Ultimatum

Euler tried contacting the hackers to negotiate a bounty. On March 15, the protocol gave the hacker an ultimatum to return 90% of the stolen funds, threatening to announce a $1 million reward for information that could lead to the hacker’s arrest. This deal would allow the hacker to get away with $19.6 million.

March 21: The $1 Million Bounty

Euler launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal.

March 25: The Hacker’s Return

Starting on March 25, the hacker started returning the stolen assets in large numbers on multiple occasions.

April 4: Recovery Announcement

23 days after the hack, on April 4, Euler Finance announced the total possible recovery of the lost funds, thus ending the $1 million bounty. In the final transactions, the hacker sent 12 million DAI and 10,580 ETH in multiple transactions.

The crypto community applauded Euler Finance’s effort to recover funds and restore investors’ confidence. However, it’s worth noting that the protocol was previously audited ten times over two years, and all audits deemed it “nothing higher than low risk” with “no outstanding issues.”

Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal. Over $2 billion was stolen from bridges in 2021 and 2022, mainly due to bugs and wallet attacks.

Conclusion

Despite the security breach, Euler Finance was successful in recovering most of the stolen funds. It’s a testament to the effectiveness of the decentralized finance system, and how it can quickly adapt to changing circumstances to protect users’ assets.