Euler Finance hacked despite 10 audits in 2 years, says CEO

Ten separate audits conducted over a two-year period of the Ethereum-based lending protocol Euler Finance deemed it to be “nothing higher than low risk” and having “no outstanding issues” prior to it suffering from a $196 million attack.

In a series of tweets on March 17 Euler Labs CEO, Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.

He retweeted one user sharing information that Euler had 10 audits from 6 different firms, and commented that the platform “has always been a security-minded project.”

Blockchain security firms including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica conducted smart contract audits on Euler Finance from May 2021 to September 2022.

Halborn ranked its risk assessment by measuring the “likelihood of a security incident” and the impact it may have, with the risk level ranging from very low and informational, to critical – Euler received “nothing higher than low risk.”

It was revealed in a Dec. 2022 summary of Halborn’s audit that it had found “an overall satisfactory result.”

The summary stated 23 smart contracts were “inspected and analyzed” by Halborn over a one-month period, of which only “two low risks and three informational” risks were identified.

Euler stated it had reviewed Halborn’s coverage and concluded the risks “pose no significant threats.”

Blockchain security firm Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, as well as how the swap mode was “handled by the codebase” – but stated in the report that these issues were “properly dealt” with by Euler, and “no outstanding issues” remained.

Related:Euler Finance blocks vulnerable module, working on recovering funds

On March 16 the protocol’s hacker began moving funds through crypto mixer Tornado Cash only hours after a $1 million bounty was launched by Euler for information leading to the hacker’s arrest.

In his recent Twitter thread Bentley said he’ll never “forgive the attacker” as he was forced to “sacrifice time” with his newborn son due to the attack but thanked security experts who are “working on leads” for the investigation.

Only 24 hours prior to the bounty, Euler issued a warning saying it would launch a one “that leads to your arrest and the return of all funds” if 90% wasn’t returned within 24 hours.

All Dutch and English crypto news!

Aussie crypto exchange hints interest in Hong Kong base, but it’ll depend

Australia-based crypto exchange Independent Reserve is looking at opportunities to set up shop in Hong Kong, as the city continues efforts to become a cryptocurrency...

Coinbase CEO on its Wells Notice: SEC is like soccer referees in a game of pickleball

Brian Armstrong, the CEO and co-founder of crypto exchange Coinbase has compared the Securities and Exchange Commission (SEC) to "soccer refs" in a game of...

CFTC’s tech committee gathered in DC to talk DeFi, here’s what was discussed

The United States commodities regulator has gotten a crash course on decentralized finance (DeFi) today, with crypto executives briefing the regulator on key issues affecting...

Bitcoin maakt duikeling nadat FED rente verhoogt

De Amerikaanse Federal Reserve besloot gisteren om de rente met 0,25 procentpunt te verhogen ondanks de onrust binnen de bankensector. Bitcoin en de rest van...

Beste exchanges

Koop je crypto bij Bitvavo