Euler Finance hack: Everything latest that you need to know
- The Ronin Bridge exploiter received 100 Ethereum (ETH) valued at $170,468 from the Euler Finance exploiter.
- The Euler Finance attacker used Tornado Cash, a well-known mixing service, to mask his activities.
Before it was attacked for $196 million, Euler Finance, an Ethereum-based lending system, was rated as “nothing greater than low risk” in ten independent audits that were done over two years.
Following the $196 million flash loan attack on Euler on 13 March, CEO of Euler Labs Michael Bentley wrote in a series of tweets on 17 March about the “hardest days” of his life.
He retweeted a user who had shared information about Euler receiving 10 audits from six different firms, saying the platform “has always been a security-minded initiative.”
The Euler Finance smart contract was audited by blockchain security companies Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omniscia between May 2021 and September 2022.
Also, on 17 March, the Ronin Bridge exploiter received 100 Ethereum (ETH) from the Euler Finance exploiter, valued at $170,468. Lookonchain questioned whether the transfer was unintentional or whether it demonstrated that the two hackers were the same person.
The impact it holds
Halborn based its risk assessment on the “probability of a security incident” and the potential impact, with risk levels ranging from very low and informational to critical. Euler was given “nothing higher than low risk.”
A summary of Halborn’s audit from December 2022 stated that it had produced “an overall satisfactory result.”
According to the report, Halborn “inspected and studied” 23 smart contracts over a month, but only “two low risks and three informational” risks were found.
After reviewing Halborn’s insurance, Euler claimed to have concluded that the risks “represent no serious threats.”
There have been rumors that the notorious North Korean hacking group Lazarus, which was linked to the Ronin Bridge attack, is also responsible for the Euler Finance exploit.
Nevertheless, the transaction does not offer concrete proof of a relationship between the parties. The Euler Finance attacker attempted to conceal his transactions using Tornado Cash, a recognized mixing service. Also, the attacker sent one of the exploit’s victims 100 ETH.
What is next?
Just 24 hours before the bounty, Euler had warned that if 90% of the funds were not returned within that time, it would launch a bounty “that leads to your arrest and the restitution of all funds”.
Apart from this, the blockchain security company Omniscia fixed various “incorrect concepts” and the way the swap mode was “managed by the codebase” in Euler’s main swapper implementation.
The study claimed that Euler had “fully dealt” with these problems and that there were “no outstanding difficulties” at this point.