
$197 Million Stolen: Euler Finance Flash Loan Attack Explained
A single function that skipped the protocol's solvency check let an attacker drive their own position into insolvency and then liquidate it at a discount, producing one of the largest DeFi exploits of 2023 and one of its most surprising endings.
On March 13, 2023, Euler Finance — a permissionless lending protocol on Ethereum — was hit by a flash loan attack that drained approximately $197 million in USDC, wrapped Bitcoin, staked ETH, and DAI. It was the largest DeFi hack of that year, and it exploited a vulnerability that had gone undetected through multiple audits.
What Is a Flash Loan?
Flash loans let a caller borrow any amount up to a pool's available liquidity without posting collateral, provided the loan plus fee is repaid before the same transaction ends. If it is not, the whole transaction reverts as though it never happened. Legitimate uses include arbitrage and collateral swaps. The security problem is that the same mechanic removes the capital requirement from an attack: anyone who can write a contract can hold a nine-figure position for the duration of one transaction, which is enough to manipulate price oracles or, as here, to exercise a logic flaw in a lending protocol that only pays off at scale.
How the Attack Worked
Euler issues two token types per market: eTokens, which represent deposited collateral, and dTokens, which represent debt. An account is healthy while the risk-adjusted value of its eTokens (collateral value scaled down by the asset's collateral factor) covers its dTokens; once it is not, anyone may liquidate it, taking collateral at a discount that grows with how far underwater the position is. Every operation that moves an account towards insolvency is supposed to end with this health check, so that a transaction which would leave the account unhealthy reverts. The vulnerability lived in a function called donateToReserves.
donateToReserves burned the caller's eTokens and credited them to the protocol's reserves, but it did not run the health check afterwards, and it left the caller's dTokens untouched. A user could therefore give away collateral while keeping all of their debt and end the transaction genuinely under-collateralised, a state every other code path would have rejected. The protocol's accounting was correct; what was missing was the guard that stops a user from reaching that state in the first place, and a deeply insolvent position that anyone can liquidate at the maximum discount is exactly what a self-liquidating attacker wants.
The attacker took a flash loan of roughly $30 million in DAI from Aave, deposited $20 million into Euler to receive eDAI, then used Euler's mint function, which mints matching eTokens and dTokens in one call, to lever the position up roughly ten times. A partial repayment and a second mint enlarged the position further. They then called donateToReserves with a large share of the eDAI, leaving a position with far more debt than collateral. A second attacker contract liquidated it, picking up the remaining eDAI at the maximum discount while taking on less debt than that collateral was worth, and withdrew the pool's real DAI before repaying the flash loan. The same sequence was then run against Euler's other markets, which is how USDC, WBTC and stETH were drained in the same incident.
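To make the failure concrete, here is a toy lending-pool model written for this article. It is not Euler's code and omits almost everything (one asset, eTokens valued 1:1 with the underlying, no interest or exchange rate, an assumed collateral factor of 0.9 and an assumed flat liquidation discount of 20%, amounts in millions); it keeps just enough to replay the sequence above at small numbers and to contrast a donate that skips the health check with one that runs it:

```python
"""Toy eToken/dToken lending pool, written for this article to illustrate the
donateToReserves flaw. Not Euler's code. Assumptions: one asset (think DAI),
eTokens worth 1:1 with the underlying, no interest, a 0.9 collateral factor
and a flat 20% liquidation discount; all amounts are in millions."""
from dataclasses import dataclass, field
from fractions import Fraction as F

COLLATERAL_FACTOR = F(9, 10)      # assumed: 1 unit of collateral backs 0.9 of debt
LIQUIDATION_DISCOUNT = F(1, 5)    # assumed: liquidator receives 20% more collateral than the debt it takes on


class InsolventPosition(Exception):
    """Raised where the EVM would revert: an operation left an account unhealthy."""


@dataclass
class Position:
    e: F = F(0)   # eTokens: collateral
    d: F = F(0)   # dTokens: debt


@dataclass
class Pool:
    check_health_on_donate: bool       # False reproduces the flaw, True the fix
    reserves: F = F(0)
    accounts: dict = field(default_factory=dict)

    def pos(self, who):
        return self.accounts.setdefault(who, Position())

    def is_healthy(self, who):
        p = self.pos(who)
        return p.e * COLLATERAL_FACTOR >= p.d

    def require_healthy(self, who):
        if not self.is_healthy(who):
            raise InsolventPosition(who)

    def deposit(self, who, amount):
        self.pos(who).e += amount

    def mint(self, who, amount):
        """Self-borrow: mint equal eTokens and dTokens, then health-check.
        With a 0.9 factor a deposit D supports at most 9D minted, i.e. 10x."""
        p = self.pos(who)
        p.e += amount
        p.d += amount
        self.require_healthy(who)   # every collateral/debt change ends here...

    def donate_to_reserves(self, who, amount):
        """...except this one in the vulnerable configuration: eTokens are
        burned into reserves, dTokens stay, and nobody checks the result."""
        p = self.pos(who)
        if p.e < amount:
            raise ValueError("insufficient eTokens")
        p.e -= amount
        self.reserves += amount
        if self.check_health_on_donate and not self.is_healthy(who):
            p.e += amount                # emulate the revert: undo the state change
            self.reserves -= amount
            raise InsolventPosition(who)

    def liquidate(self, liquidator, violator):
        """Liquidator takes over `repay` of the violator's debt and receives
        repay*(1+discount) eTokens, capped by what the violator still holds."""
        v, l = self.pos(violator), self.pos(liquidator)
        if self.is_healthy(violator):
            raise ValueError("violator is healthy")
        repay = min(v.d, v.e / (1 + LIQUIDATION_DISCOUNT))
        seized = repay * (1 + LIQUIDATION_DISCOUNT)
        v.d -= repay
        v.e -= seized
        l.d += repay
        l.e += seized
        self.require_healthy(liquidator)
        return repay, seized

    def bad_debt(self):
        """Debt with no collateral behind it: the loss other depositors absorb."""
        return sum((p.d - p.e for p in self.accounts.values() if p.d > p.e), F(0))


def run_attack(check_health_on_donate):
    """Replays the sequence from the article (deposit 20, mint 10x, donate,
    self-liquidate) and reports what the pool looks like afterwards."""
    pool = Pool(check_health_on_donate)
    pool.deposit("violator", F(20))           # flash-loaned DAI
    pool.mint("violator", F(180))             # e=200, d=180: exactly at the limit
    try:
        pool.donate_to_reserves("violator", F(100))   # e=100, d=180 if nobody checks
    except InsolventPosition:
        return {"reverted": True, "bad_debt": pool.bad_debt(), "liquidator_gain": F(0)}
    repay, seized = pool.liquidate("liquidator", "violator")
    return {"reverted": False, "bad_debt": pool.bad_debt(), "liquidator_gain": seized - repay}


if __name__ == "__main__":
    for flag in (False, True):
        print("health check on donate:", flag, run_attack(flag))
```

With the check disabled the donate goes through, the violator ends with 0 eTokens against 96.67 of debt that nobody will ever repay, and the liquidator walks away holding 100 of collateral for 83.33 of assumed debt. With the check enabled the donate reverts and no bad debt exists. The toy does not reproduce the exact drain (the real liquidator's withdrawal depended on Euler's multi-asset accounting), but it shows the root cause: one collateral-reducing path without the health check every other path runs.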
After the exploit, the attacker moved funds through Tornado Cash and across multiple addresses to obscure the trail.
An Unexpected Ending
Early on March 17, 2023, 100 ETH from the hack moved to an address previously linked to the Lazarus Group's Ronin Bridge attack, briefly suggesting North Korean involvement. Investigators noted that this could just as well have been deliberate misdirection, and the full picture remains unclear.
The next day the picture changed. The hacker, who signed on-chain messages as Jacob, began returning the stolen funds: 3,000 ETH on March 18, then 51,000 ETH on March 25, followed by further tranches of ETH and DAI until nearly everything had come back. In those messages Jacob apologised and said he intended to make Euler whole.
On April 4, 2023, Euler announced that its investigation was complete and that it was developing a plan to restore user funds.
What It Means for DeFi Security
The Euler incident demonstrated two things. First, even a protocol that has been through multiple audits can carry a critical bug in a rarely used function, and rarely used is not the same as outside the attack surface: donateToReserves moved no funds out of the protocol by itself, but composed with mint and liquidate it produced a drain. The defensive rule is mechanical: every state transition that lowers an account's collateral or raises its debt must end with the same health check, with no exceptions for convenience functions. Second, circuit breakers, automated mechanisms that pause a protocol when withdrawal volume or another invariant leaves its normal range, could have limited the damage considerably. The attack ran as a series of separate transactions, one market at a time, in a predictable pattern; an account finishing a transaction insolvent, or a window's withdrawals exceeding a threshold, are exactly the conditions a real-time invariant monitor would have flagged before the later transactions landed.
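As an added example of what such monitoring looks like (not Euler's tooling, and the collateral factor, breaker threshold, window length and the event feed are all assumed), the following script consumes post-transaction account balances as an indexer would emit them and raises two kinds of alert: an account that ends a transaction insolvent, which a correct protocol should have made impossible, and a rolling-window withdrawal total that crosses a circuit-breaker threshold:

```python
"""Off-chain invariant monitor for an eToken/dToken pool, added for this
article; it is not Euler's tooling. It consumes post-transaction account
balances as an indexer would emit them and raises an alert when (1) an
account finishes a transaction insolvent, which a correct protocol should
have made impossible, or (2) withdrawals in a rolling block window exceed
a circuit-breaker threshold. Factors, thresholds and the feed are assumed."""
from collections import deque
from fractions import Fraction as F

COLLATERAL_FACTOR = F(9, 10)   # assumed: 1 unit of collateral backs 0.9 of debt
WINDOW_BLOCKS = 10             # assumed: breaker looks back over 10 blocks
WITHDRAW_LIMIT = F(12)         # assumed: more than 12 units withdrawn per window pauses the pool

# Constructed feed, one record per (transaction, touched account); e/d are the
# account's eToken and dToken balances after the transaction, amount is the
# operation's size. The block-100 records follow the attack sequence in the
# article at toy scale: deposit, 10x mint, donate, self-liquidation, withdrawal.
FEED = [
    {"block": 95,  "tx": "tx-a", "action": "withdraw",         "account": "alice",      "e": F(45),  "d": F(0),      "amount": F(5)},
    {"block": 98,  "tx": "tx-b", "action": "withdraw",         "account": "bob",        "e": F(27),  "d": F(0),      "amount": F(3)},
    {"block": 100, "tx": "tx-c", "action": "deposit",          "account": "violator",   "e": F(20),  "d": F(0),      "amount": F(20)},
    {"block": 100, "tx": "tx-c", "action": "mint",             "account": "violator",   "e": F(200), "d": F(180),    "amount": F(180)},
    {"block": 100, "tx": "tx-c", "action": "donateToReserves", "account": "violator",   "e": F(100), "d": F(180),    "amount": F(100)},
    {"block": 100, "tx": "tx-c", "action": "liquidate",        "account": "violator",   "e": F(0),   "d": F(290, 3), "amount": F(100)},
    {"block": 100, "tx": "tx-c", "action": "liquidate",        "account": "liquidator", "e": F(100), "d": F(250, 3), "amount": F(100)},
    {"block": 100, "tx": "tx-c", "action": "withdraw",         "account": "liquidator", "e": F(93),  "d": F(250, 3), "amount": F(7)},
]


def is_solvent(record):
    """Per-account invariant: risk-adjusted collateral must cover debt."""
    return record["e"] * COLLATERAL_FACTOR >= record["d"]


def scan(feed):
    """Walk the feed in order. Returns (alerts, paused); once the breaker
    trips, `paused` stays True, which is where an on-chain pause would hook in."""
    alerts = []
    recent = deque()        # (block, amount) of withdrawals inside the window
    paused = False
    for rec in feed:
        if not is_solvent(rec):
            alerts.append({"kind": "insolvent_after_tx", "tx": rec["tx"],
                           "account": rec["account"], "action": rec["action"]})
        if rec["action"] != "withdraw":
            continue
        oldest_allowed = rec["block"] - WINDOW_BLOCKS + 1
        while recent and recent[0][0] < oldest_allowed:
            recent.popleft()             # drop withdrawals that left the window
        recent.append((rec["block"], rec["amount"]))
        window_total = sum(a for _, a in recent)
        if window_total > WITHDRAW_LIMIT and not paused:
            paused = True
            alerts.append({"kind": "circuit_breaker", "tx": rec["tx"],
                           "window_total": window_total})
    return alerts, paused


if __name__ == "__main__":
    found, halted = scan(FEED)
    for alert in found:
        print(alert)
    print("paused:", halted)
```

On this feed the solvency invariant fires twice (after the donate and again for the bad-debt remainder left by the liquidation) and the breaker trips on the liquidator's withdrawal. Both conditions arise inside the transaction that causes the damage, so a monitor cannot stop that transaction; what it buys is a pause before the next one, and since the real attack was a sequence of separate transactions, one per market, that would have protected the markets hit later. A solvency alert also means something the protocol itself should have rejected, which is a pointer straight at the code path that skipped its health check.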