Ten different audits carried out over a two-year period on the Euler Finance lending protocol deemed the platform as “nothing higher than low risk” and revealed that it had “no outstanding issues” prior to suffering a $196 million flash loan attack. In a number of Twitter posts, Euler Labs chief executive officer Michael Bentley spoke about the “hardest days” of his life following the March 13th $196 million attack.
Bentley shared a tweet from one user who shared the fact that Euler had undergone 10 separate audits from 6 different auditing firms, remarking that the lending platform “has always been a security-minded project.” Several blockchain security companies, including Halborn, ZK Labs, Certora, and others, performed smart contract audits on the lending firm between May 2021 and September 2022.
Halborn’s risk assessment measured the “likelihood of a security incident” and the effect that an incident might have. The risk level ranged from very low to critical. Euler Finance received “nothing higher than low risk.” In a summary of Halborn’s audit, it was revealed that the firm had arrived at “an overall satisfactory result.”
Halborn’s summary revealed that 23 separate smart contracts had been “inspected and analyzed” over one month. Of those, only “two low risks and three informational” threats were discovered. Euler Finance stated that it had discussed Halborn’s audit results and deduced the risks mentioned by the auditor “pose no significant threats.”
Omnisica, a blockchain security company, resolved some “incorrect paradigms” within Euler’s swapper implementation. However, their report claimed that Euler Finance had “properly dealt” with the issues, and that “no outstanding issues” remained.
Yesterday, the Euler’s hacker began transferring funds, sending them through the Tornado Cash cryptocurrency mixer just hours after a $1 million reward was offered by Euler for any information that leads to the hacker being arrested.
In his most recent Twitter post, Bentley stated that he would never “forgive the attacker” because he was required to “sacrifice time” with his newly born son as a result of the attack. However, he did thank the security experts who are actively “working on leads.”
Prior to announcing the reward, Euler released a warning to the hacker, stating that it would offer a bounty “that leads to your arrest and the return of all funds” if 90% of the stolen funds were not returned to them within the next 24 hours.