Euler Finance hacked regardless of 10 audits in 2 years, CEO says loanread cryptocurrency information
Ten separate audits carried out over a two-year interval of Ethereum-based lending protocol Euler Finance deemed it “nothing increased than low threat” and had “no excellent points” earlier than it suffered a $196 million assault.
In a collection of tweets on March 17, Euler Labs CEO Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash mortgage assault on March 13.
He retweeted a consumer who shared info that Euler had 10 revisions from 6 totally different companies, commenting that the platform “has at all times been a security-oriented undertaking.”
Euler has at all times been a security-oriented undertaking. Euler’s sensible contracts, together with the susceptible traces of code, have been revised.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023
Blockchain safety companies together with Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica carried out sensible contract audits at Euler Finance from Might 2021 to September 2022.
Halborn graded his threat evaluation by measuring the “chance of a safety incident” and the impression it might have, with the extent of threat starting from very low and informative to crucial – Euler acquired “nothing increased than low threat.”
It was revealed in December 2022 abstract of Halborn’s audit that it had discovered “a usually passable consequence.”
The abstract stated 23 sensible contracts have been “inspected and analyzed” by Halborn over a interval of 1 month, of which solely “two low threat and three info dangers” have been recognized.
Euler acknowledged that it had reviewed Halborn’s protection and concluded that the danger “doesn’t pose any important threats.”
Blockchain safety agency Omnisica addressed some “mistaken paradigms” in Euler’s base swapper implementation, in addition to how the swap mode was “dealt with by the codebase” – however acknowledged within the report that these points have been “correctly dealt with” by Euler, and “no excellent points” remained.
Associated: Euler Finance blocks susceptible module and works to get better funds
On March 16, the protocol’s hacker started transfer funds by way of cryptomix Twister Money simply hours after one 1 million {dollars} in bounty was launched by Euler for info that led to the hacker’s arrest.
In his latest Twitter thread, Bentley stated he won’t ever “forgive the attacker” as he was compelled to “sacrifice time” together with his new child son due to the assault, however thanked safety consultants “engaged on leads” for the investigation.
Simply 24 hours earlier than the bounty, Euler issued a warning saying it could launch one “resulting in your arrest and refund of all funds” if 90% was not returned inside 24 hours.
