On Monday, the blockchain monitoring firm PeckShield sent an ominous tweet directed at the crypto lending platform Euler Finance, simply saying: “Hi [...] you may want to take a look.”
What the firm was suggesting Euler take a look at was a series of transactions that indicated there was an ongoing hack against Euler. According to PeckShield, hackers exploited Euler “in a flurry of transactions” which led to the theft of around $197 million in crypto. Crypto security firm BlockSec also reported the attack.
While this sounds like a lot of money — and it is — it’s only the 26th largest crypto theft ever, according to a website that keeps track of crypto hacks and scams.
“We are aware and our team is currently working with security professionals and law enforcement,” Euler wrote in response to the tweet. “We will release further information as soon as we have it.”
Euler did not immediately respond to a request for comment.
ZachXBT, an independent researcher who investigates crypto scams and hacks, wrote on Twitter that his is “almost certainly” an attack by malicious hackers, given that the same people were exploiting “some random protocol on [Binance Smart Chain] a few weeks ago and then the funds deposited to Tornado [Cash],” a popular crypto mixing service that has been sanctioned by the U.S. government for allegedly facilitating money laundering.
In its official Discord and Telegram channels, several Euler investors are complaining about what happened and wondering what they should do next, and if there is any hope.
“Almost 1.3M USD gone. I thought they were the most secure lending protocol, I never liked Michael on twitter, but i wouldn't even imagine them releasing updates without prior notice or audits,” wrote one on Discord.
“Nice to at least know how I respond when I lose over $100k in the space of an hour. Learned a little about myself today. Maybe it's not about the money lads, it's about what you learn along the way,” wrote another investor on Discord.
On its website, Euler says it has partnered with six “top security” firms. Clearly, that was not enough to stop hackers.
The price of Euler’s crypto token fell dramatically following the news of the attack.
Do you have more information about this hack or other crypto hacks? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email email@example.com. You can also contact TechCrunch via SecureDrop.