Euler Finance blocks vulnerable module, working on recovering funds


Euler is working with law enforcement agencies and blockchain security firms to contact the exploiter and recover the funds 265 total views five total shares own this piece of History collect this article as an nft decentralized Finance defy lending protocol Euler Finance became a victim of a flash loan attack
On March 13th resulting in the biggest hack of crypto in 2023 so far The Lending protocol lost nearly 197 million dollars in the attack and impacted more than 11 other defy protocols as well on March 14 Euler came out with an update on the situation and notified its
Users that they had disabled the vulnerable edoken module to block deposits and the vulnerable donation function The Firm said that they work with various security groups to perform audits of its protocol and the vulnerable code was reviewed and approved during an outside audit the vulnerability was not discovered as
Part of the audit one of our auditing Partners at omnisha underscore SEC prepared a technical postmortem and analyzed the attack in great detail you can read their report here t.co u4z2x.way in short the attacker exploited vulnerable code which allowed it to create an unbacked token debt t.co
Fgnpq view Euler Labs at Euler Finance March 14 2023 the vulnerability remained on chain for eight months until it was exploited despite a one dollar Mill Sherlock an audit group that has worked with Euler Finance in the past verified the root cause of the exploit and helped Euler submit a claim
The audit protocol later voted on the claim for four dollars five million which passed and later executed a three dollars three million payout on March 14. in its analysis report the audit group noted a significant factor for the exploit a missing Health check-in donate to reserves a new function added in eip14
However the protocol stressed that the attack was still technically possible even before EIP 14. related more than 280 blockchains at risk of zero-day exploits worn security firm Sherlock noted that the Euler audit by watch pug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023
Similarly Sherlock stands behind every auditor who reviewed Euler Sherlock initially worked with Etsy michelio to audit the first version of Euler in deck 2021 then with that shw 9453 to audit a very small update in Jan 2022 and finally with that watch pug underscore to audit EIP 14 in July 2022
Sherlock at Sherlock defe March 13 2023 Euler has also reached out to Leading on chain analytic and blockchain security firms such as trm Labs chain analysis and the broader Ed security community in a bid to help them with the investigation and recover the funds Euler notified that they are also trying
To contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds thanks for watching earn huge Returns on cryptocurrency sip checkout Link in description for more details Please Subscribe my channel to get more cryptocurrency news and updates
Euler Finance blocks vulnerable module, working on recovering funds
For Indians Invest in crypto currency SIP for huge returns check out link now https://tinyurl.com/EarnHugeReturns
#crypto #cryptocurrency #bitcoin #blockchain #litecoin #etherum #dogecoin #NFT #DeFi #ripple #altcoin #metaverse
FAIR-USE COPYRIGHT DISCLAIMER:
Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, commenting, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.
Euler is working with law enforcement agencies and blockchain security firms to contact the exploiter and recover the funds. 265 Total views 5 Total shares Own this piece of history Collect this article as an NFT Decentralized finance (DeFi) lending protocol Euler Finance became a victim of a flash loan attack on March 13, resulting in the biggest hack of crypto in 2023 so far. The lending protocol lost nearly $197 million in the attack and impacted more than 11 other DeFi protocols as well. On March 14, Euler came out with an update on the situation and notified its users that they had disabled the vulnerable etoken module to block deposits and the vulnerable donation function. The firm said that they work with various security groups to perform audits of its protocol, and the vulnerable code was reviewed and approved during an outside audit. The vulnerability was not discovered as part of the audit. One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here:https://t.co/u4Z2xdutwe In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt… https://t.co/FGnPqvYUGB — Euler Labs (@eulerfinance) March 14, 2023 The vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty in place. Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and later executed a $3.3 million payout on March 14. In its analysis report, the audit group noted a significant factor for the exploit: a missing health check in “donateToReserves,” a new function added in EIP-14. However, the protocol stressed that the attack was still technically possible even before EIP-14. Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023. Similarly, Sherlock stands behind every auditor who reviewed Euler. Sherlock initially worked with @cmichelio to audit the first version of Euler in Dec 2021, then with @shw9453 to audit a very small update in Jan 2022, and finally with @WatchPug_ to audit EIP-14 in July 2022. — SHERLOCK (@sherlockdefi) March 13, 2023 Euler has also reached out to leading on-chain analytic and blockchain security firms, such as TRM Labs, Chainalysis and the broader ETH security community, in a bid to help them with the investigation and recover the funds. Euler notified that they are also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds.
source