Euler Finance, an Ethereum-based lending protocol, underwent 10 audits from six different blockchain security firms between May 2021 and September 2022. The audits ranked the risk assessment of the platform, measuring the “likelihood of a security incident” and the impact it could have. The risk level for Euler ranged from very low and informational to critical, with none deemed “nothing higher than low risk” with “no outstanding issues.” Despite the extensive audits, Euler suffered a $196 million flash loan attack on March 13, 2023.
In response to the attack, Euler Labs CEO Michael Bentley described it as the “hardest days” of his life in a series of tweets on March 17. He retweeted a user sharing information that Euler had undergone ten audits, commenting that the platform “has always been a security-minded project.” Euler had also issued a warning only 24 hours before launching a $1 million bounty for information leading to the hacker’s arrest, stating that it would launch a bounty “that results in your arrest and the return of all funds” if 90% of the funds were not returned within 24 hours.
Despite the audits, Euler’s attacker began moving funds through crypto mixer Tornado Cash on March 16, only hours after the bounty was launched. In his Twitter thread, Bentley expressed his frustration at the attack and the sacrifices he had to make as a result, including time with his newborn son. However, he also thanked the security experts who are “working on leads” for the investigation.
While some blockchain security firms, such as Omniscia, found and addressed some “incorrect paradigms” in Euler’s base swapper implementation and the way the swap mode was “dealt with by the codebase,” the audits concluded that Euler had “properly dealt” with these issues, with “no outstanding issues” remaining. Halborn’s audit summary in December 2022 also stated that it had found “an overall satisfactory result.”
In conclusion, Euler Finance’s 10 audits from six different blockchain security firms in two years did not prevent a $196 million flash loan attack. Despite the audits deeming the platform “nothing higher than low risk” with “no outstanding issues,” the attacker was able to move the funds through crypto mixer Tornado Cash only hours after Euler launched a $1 million bounty for their arrest. The investigation into the attack is ongoing.