DeFi Lender Euler Finance Drained of $197M In Flash Loan Exploit

Decentralized finance (DeFi) platform Euler Finance has reportedly suffered an exploit of approximately $196.9 million, per audit platform BlockSec.

The attacker nabbed $8.7 million in the decentralized stablecoin DAI, $18.5 million in Wrapped Bitcoin (WBTC), a whopping $135.8 million in Staked Ethereum (stETH), and another $33.8 million in Circle’s USD stablecoin USDC.

Euler Finance is a borrowing and lending platform for cryptocurrencies, allowing users to earn interest for adding various assets to the protocol.

A BlockSec spokesperson told Decrypt that the root vulnerability is still unknown, but that the attacker used a series of six different flash loans to leverage the attack. A flash loan is a crypto-native loan in which a user borrows and returns funds in the same transaction.

Others reported that the “donateToReserves” function in the project’s smart contracts is the key vulnerability.


Euler’s market data indicates that there is roughly $200 in the WBTC lending market and $208 in USDC. Based on data pulled at 11 am CEST, both the DAI and stETH markets have been completely drained.

The markets page now reports a rendering error.

Per DeFi Llama, the project’s total value locked (TVL), the dollar amount of assets sloshing around in the app, was $237.9 million prior to the attack.

The project did not immediately respond to Decrypt‘s request for comment.

Euler tweeted that it is “aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it.”

Euler Finance’s head of risk commented “devs on it” and “working” in the wake of the latest exploit.

The DeFi project’s native token EUL has plummeted 50% in the last hour, per Coingecko.

Stay on top of crypto news, get daily updates in your inbox.