
Euler Finance — flash-loan exploit

A flash-loan attack exploited a flaw in Euler's liquidation logic to drain $197M across six tokens; the attacker later returned nearly all funds after on-chain negotiations.

Target: Euler Finance — flash-loan exploit
Date public: 13 March 2023
Sector: Crypto
Attack type: Vulnerability Exploit
Threat actor: Self-identified as 'Jacob' — funds fully returned
Severity: High
Region: Global — Ethereum

Euler Finance was a lending protocol — think of it like a bank where people deposit cryptocurrency and others borrow against it. To borrow, you had to put up collateral worth more than what you borrowed, so the protocol always had enough to cover any loan. Flash loans are a peculiarity of blockchains: you can borrow any amount for the duration of a single transaction, as long as you pay it back before that transaction ends. They have legitimate uses but are also frequently weaponised in attacks. The attacker took a massive flash loan and used a combination of Euler's deposit and liquidation functions in a sequence the designers hadn't anticipated. By alternating between borrowing large amounts and triggering the liquidation of their own positions in a specific order, they created an artificial situation in which Euler's accounting believed they were owed far more than they'd deposited. They then collected that phantom surplus — $197 million — and repaid the flash loan, keeping the difference. Euler's team sent on-chain messages offering to let the attacker keep 10% if they returned the rest. After three weeks of silence and then dialogue, the attacker returned everything. They identified themselves only as "Jacob" and apologised. Whether legal pressure or conscience drove the return has never been confirmed.

What happened

On 13 March 2023, an attacker exploited a vulnerability in Euler Finance’s lending protocol and drained approximately $197 million across six transactions. Affected assets included DAI, USDC, stETH, and WBTC. It was the largest DeFi exploit of 2023 at the time of occurrence.

Euler Labs immediately paused the protocol and began on-chain communication with the attacker, initially offering to let them retain 10% of the funds as a bug bounty if the remainder was returned promptly. After approximately three weeks of silence followed by a period of on-chain and possibly off-chain dialogue, the attacker returned all funds in three tranches. They identified themselves on-chain only as “Jacob” and sent a message stating “I’m sorry.” Euler distributed the recovered funds to users through a structured recovery process. The protocol relaunched with revised contracts six months later.

How it worked

Euler Finance was a permissionless lending protocol that allowed users to borrow assets against collateral. It used two token types to track positions: eTokens representing deposited collateral, and dTokens representing debt. To maintain solvency, the system required that any borrower’s collateral value, after applying a discount factor (the “liquidation loan-to-value ratio”), exceeded their debt at all times.

The vulnerability resided in a function called donateToReserves, which had been added to allow users to voluntarily contribute to the protocol’s reserve fund. The function transferred eTokens from the caller to the reserve without performing the standard health check that would normally verify the caller’s position remained solvent after the transfer. This created an exploitable asymmetry: a user could borrow against collateral, then donate a portion of that collateral to the reserve, reducing their own collateral below the solvency threshold — something the protocol normally prevented — without triggering the health check.

The attacker combined this with Euler’s “soft liquidation” mechanism in a multi-step exploit. The sequence worked roughly as follows. The attacker took a large flash loan and deposited it into Euler to receive eTokens (collateral). They then minted the maximum allowed dTokens (debt) against that collateral, receiving borrowed assets plus additional eTokens via Euler’s leverage mechanism, and called donateToReserves to transfer a large block of eTokens to the reserve while bypassing the health check. This left the position heavily undercollateralised. The attacker then used a second account to liquidate the first at the discounted rate Euler offered to liquidators — receiving more collateral value than the debt being retired, because the liquidation discount was applied to an artificially impaired position. The difference between the collateral received and the debt retired constituted the profit, amplified across six transactions.

This class of vulnerability — where a function that modifies a user’s position lacks the health check present in all other position-modifying functions — is sometimes called a “missing validation” flaw. The donateToReserves function was audited but the interaction between voluntary donation, position health, and the liquidation incentive structure was not fully modelled. The flaw had been flagged in an informal bug report in January 2023 but the report was not acted upon before exploitation.

Timeline

  • January 2023 — An informal bug report describing a vulnerability in donateToReserves is submitted. Euler Labs does not fully act on the report before the exploit.
  • 13 March 2023, 08:56 UTC — First of six exploit transactions executes. Approximately $197M is drained across multiple asset types.
  • 13 March 2023, within hours — Euler Labs pauses the protocol. On-chain message sent to attacker’s address offering a 10% bounty for return of the remaining 90%.
  • 14 March 2023 — Euler Labs deploys a fix to the vulnerable function. Protocol remains paused pending full audit.
  • 15–17 March 2023 — Attacker moves some funds into Tornado Cash. On-chain messages from Euler Labs escalate; Euler contacts law enforcement.
  • 18 March 2023 — Attacker sends 100 ETH to a wallet linked to a victim of a previous DeFi hack. Interpreted by observers as a signal of intent to negotiate.
  • 25 March 2023 — First return tranche: attacker sends back $102M DAI.
  • 27–28 March 2023 — Remaining tranches returned. Full $197M recovered.
  • 31 March 2023 — On-chain message from attacker: “I’m sorry.” Euler Labs confirms all funds returned.
  • September 2023 — Euler Finance relaunches with revised protocol architecture and additional audit coverage.

What defenders should learn

The donateToReserves vulnerability is a textbook example of a function that modifies protocol state without a corresponding invariant check. In DeFi lending protocols, the invariant “a user’s collateral, after discounting, must exceed their debt” must be enforced as a post-condition on every function that can affect that ratio — not just on the obvious ones like borrowing and withdrawing. The donate function modified the collateral side of the equation without checking the result. Auditors should approach any function that touches collateral or debt balances as a potential health-check bypass, regardless of how benign the function’s stated purpose appears.
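As an added illustration of the post-condition rule above, and of the donateToReserves gap described under “How it worked”, here is a constructed Python model of a collateral/debt position. It is not Euler’s code: the class and function names, the 0.9 liquidation loan-to-value ratio and the 100/90 starting position are all assumptions. The point it shows is that a single mutator without the health post-condition is exactly what a property check over every mutator will catch.

```python
"""Toy model of a collateral/debt position in a lending protocol, with a
property check that hunts for mutators missing the health post-condition.
Constructed example; it is not Euler's code and the numbers are assumed."""
from dataclasses import dataclass

LIQUIDATION_LTV = 0.9   # assumed discount factor applied to collateral


class Undercollateralised(Exception):
    """Raised when a position would violate collateral * LTV >= debt."""


@dataclass
class Position:
    collateral: float   # eToken balance (deposited asset, in asset units)
    debt: float         # dToken balance (borrowed asset, in asset units)

    def is_healthy(self) -> bool:
        return self.collateral * LIQUIDATION_LTV >= self.debt

    def require_healthy(self) -> None:
        if not self.is_healthy():
            raise Undercollateralised(
                f"collateral {self.collateral:.2f} * {LIQUIDATION_LTV} "
                f"< debt {self.debt:.2f}")


class Vault:
    """Holds reserves and exposes every function that mutates a position.
    check_donations=False reproduces the missing post-condition the page
    describes; check_donations=True is the hardened form."""

    def __init__(self, check_donations: bool) -> None:
        self.check_donations = check_donations
        self.reserves = 0.0

    def deposit(self, pos: Position, amount: float) -> None:
        pos.collateral += amount
        pos.require_healthy()          # cannot fail here, but keeps the rule uniform

    def withdraw(self, pos: Position, amount: float) -> None:
        pos.collateral -= amount
        pos.require_healthy()

    def borrow(self, pos: Position, amount: float) -> None:
        pos.debt += amount
        pos.require_healthy()

    def repay(self, pos: Position, amount: float) -> None:
        pos.debt -= amount
        pos.require_healthy()

    def donate_to_reserves(self, pos: Position, amount: float) -> None:
        pos.collateral -= amount       # collateral leaves the position...
        self.reserves += amount
        if self.check_donations:       # ...so the invariant must be re-checked
            pos.require_healthy()


# Every entry point that touches collateral or debt (assumed list for this model).
MUTATORS = ("deposit", "withdraw", "borrow", "repay", "donate_to_reserves")


def find_health_check_bypasses(vault: Vault, amount: float = 10.0) -> list:
    """Run each mutator from a position sitting exactly at its borrowing limit
    and report those that leave it unhealthy without reverting.
    A correctly guarded protocol returns an empty list."""
    bypasses = []
    for name in MUTATORS:
        pos = Position(collateral=100.0, debt=90.0)   # 100 * 0.9 == 90: at the limit
        try:
            getattr(vault, name)(pos, amount)
        except Undercollateralised:
            continue                                    # reverted: the check held
        if not pos.is_healthy():
            bypasses.append(name)
    return bypasses


if __name__ == "__main__":
    print("missing check:", find_health_check_bypasses(Vault(check_donations=False)))
    print("hardened:     ", find_health_check_bypasses(Vault(check_donations=True)))
```

Against the unguarded vault the property check returns `['donate_to_reserves']`; against the hardened one it returns an empty list. The same sweep is cheap to run as a unit or fuzz test over a model of every state-changing entry point, which is how a “benign-looking” function such as a donation gets treated like any other position mutator rather than trusted on its stated purpose.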

The bug report lag is a separate governance failure. A researcher identified the vulnerability in January 2023, two months before exploitation. The report was not sufficiently prioritised. Protocols holding significant assets need triage processes that can evaluate the severity of reported vulnerabilities quickly — ideally within 24 to 72 hours — and escalate to emergency patch procedures if a critical finding is confirmed. That the two-month lag from report to exploitation proved recoverable is clear only in retrospect; during those two months the protocol was fully exposed.

The return of funds in this case, as with Poly Network, was partially shaped by the practical difficulty of laundering $197 million in tracked on-chain assets. Euler Labs’ combination of aggressive on-chain communication, law enforcement involvement, and a credible offer of legal non-pursuit in exchange for return appears to have been effective. The case is useful evidence that the negotiation playbook — offer a bounty, engage publicly, involve law enforcement — can work even after funds have begun moving through mixers. It should not, however, inform the design of the protocol: security architecture cannot depend on post-exploitation negotiation as a recovery mechanism.

Sources
