CertiK Alert has warned users of Euler Finance to be wary of phishing sites exploiting the latest security incident that cost the lender $197 million.
CertiK Skynet, a major web3 security role player and real-time analyst of crypto hacks, scams, and flash loans, on March 14, advised users to stay clear of eulerrefunds.com and other phishing sites luring customers to more losses after the compromise of Euler Finance.
The site mentioned above is masquerading as an Euler Finance partner, offering refunds to those who lost funds in the recent attacks.
Euler Finance $197 Million Hack
The CertiK Skynet alert came after major DeFi Lender, Euler Finance, suffered a hack and lost $197 million in staked ether (ETH) and stablecoins to the hacker.
This siphoning incident is the largest hack in the digital assets industry in 2023. It is reported that $135 million of the loot was held in Ether tokens (stETH), and the rest were staked in stablecoins, DAI, USDC, and wrapped Bitcoin.
Blocksec, a security firm looking into the case, said that part of the loot is already being laundered through Tornado Cash, an open-source, virtual currency mixer that allows users to alter their transaction history.
Data from DeFiLlama indicates that the March 13 morning incident nearly cleared Euler’s on-chain value, leaving the company with only $9.7 million.
Euler Finance permits traders to borrow and lend crypto assets in large batches through automated services without human intervention.
The attack led to the Euler Finance protocol, EUL token, decline by more than 50% to a new low of $2.88.
Omniscia technical analysis
Euler tweeted that the company was aware of the compromise, and the security team was working with professionals and law enforcers and promised to give more information later. The company collaborated with Omniscia to develop a technical analysis and postmortem on the attack.
Omniscia is a company of web 3 security researchers and engineers who are well-versed in securing and optimizing complex blockchain networks and smart contracts.
The hacker took advantage of a vulnerable code and created an unbacked token debt by bestowing funds to the protocol’s reserves. The hacker later liquidated the hidden accounts and reaped the liquidation bonuses.
Euler Finance also worked with other security groups to audit their protocol and establish a deeper basis for the hacking incident.
The compromised code had been audited and approved eight months ago, and the vulnerability was not discovered until the hack.
In collaboration with Euler, Sherlock got to the root of the hack and helped the company submit a claim.
Euler gave updates on the hack from the Omniscia report with deliberate actions to recover funds for the affected Euler protocol users.
Euler immediately disabled the EToken module to stop the direct attacks and block the vulnerable donation function and deposits.
The company also brought Chainalysis, TRM Labs, and the greater ETH security team to chip into the investigation and develop ways to recover the lost funds.
In addition, Euler notified the UK and US law enforcers and contacted the individual behind the attack to shed more light on their options.
Molly White: Euler hack is the biggest one yet
According to crypto critic Molly White, who documents various cyberattacks and frauds on her blog titled “Web3 is Doing Just Fine”, the breach on Euler was the most significant this year.
White placed the event at number eight on the all-time list of the greatest thefts; nevertheless, it is dwarfed by the worst frauds in the cryptocurrency industry, some of which have gone into the billions of dollars.
At the beginning of the previous year, the market for cryptocurrencies and digital tokens was reportedly worth hundreds of millions of dollars, contributing to the industry’s development.
As part of their efforts to attract new investors from the general population, firms dealing in cryptocurrencies began running advertisements on television, sponsoring sports teams and promoting the revolutionary potential of their underlying technology.
Nevertheless, the industry has been decimated due to a severe economic crisis, widespread criminal activity, increased scrutiny from regulatory agencies, and the failure of some prominent businesses.