Decentralized finance (DeFi) lending protocol Euler Finance grew to become a sufferer of a flash mortgage assault on March 13, ensuing within the biggest hack of crypto in 2023 to this point. The lending protocol misplaced practically $197 million within the assault and impacted greater than 11 other DeFi protocols as well.

On March 14, Euler got here out with an replace on the scenario and notified its customers that they’d disabled the susceptible etoken module to dam deposits and the susceptible donation perform.

The agency mentioned that they work with numerous safety teams to carry out audits of its protocol, and the susceptible code was reviewed and authorised throughout an outdoor audit. The vulnerability was not found as a part of the audit.

The vulnerability remained on-chain for eight months till it was exploited, regardless of a $1 million bug bounty in place.

Sherlock, an audit group that has labored with Euler Finance prior to now, verified the foundation reason behind the exploit and helped Euler submit a declare. The audit protocol later voted on the declare for $4.5 million, which handed, and later executed a $3.3 million payout on March 14.

In its evaluation report, the audit group famous a big issue for the exploit: a lacking well being verify in “donateToReserves,” a brand new perform added in EIP-14. Nonetheless, the protocol harassed that the assault was nonetheless technically doable even earlier than EIP-14.

Associated: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

Sherlock famous that the Euler audit by WatchPug in July 2022 missed the essential vulnerability that finally led to the exploit in March 2023.

Euler has additionally reached out to main on-chain analytic and blockchain safety corporations, akin to TRM Labs, Chainalysis and the broader ETH safety neighborhood, in a bid to assist them with the investigation and recuperate the funds.

Euler notified that also they are attempting to contact these liable for the assault with a view to study extra concerning the concern and probably negotiate a bounty to recuperate the stolen funds.