Euler Finance
HackedDeFi · $EUL · born 2021 · ✝ 2023
A $197M flash-loan exploit — then the hacker gave it all back.
Euler was a permissionless Ethereum lending protocol. In March 2023 an attacker exploited a flawed donation function to drain ~$197M, the year's largest DeFi hack — then, after on-chain negotiation, returned nearly all of it.
- Peak
- ~$197M stolen (mostly returned)
- Cause
- Hacked
- Year of death
- 2023
☠️ Cause of death
A missing health-check on the donateToReserves function let an attacker push their own position into bad debt via a flash loan, then liquidate it for a profit the protocol's accounting couldn't absorb.
📓 Lessons left behind
- —Every state-changing function needs the same solvency checks.
- —A passed audit is a snapshot, not a guarantee.
- —Traceability can turn a $197M theft into a refund.
🌱 The idea that survived
Modular, re-audited lending
Euler relaunched as a heavily-audited modular v2 — the lending-vault primitive survived once the donation bug was excised.
#defi#lending#flash-loan#returned-funds