Despite undergoing 10 separate audits by six different firms over a two-year period, Ethereum-based lending protocol Euler Finance fell victim to a $196 million flash loan attack on March 13.
Euler Labs CEO, Michael Bentley, described the attack as one of the “hardest days” of his life in a series of tweets on March 17.
The audits conducted by blockchain security firms, including Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica, had deemed the platform to be “nothing higher than low risk” and having “no outstanding issues” prior to the attack.
Halborn, which conducted its audit from May 2021 to September 2022, found that Euler received “nothing higher than low risk” after measuring the “likelihood of a security incident” and its potential impact.
Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, but stated in the report that these issues were “properly dealt” with by Euler and that “no outstanding issues” remained.
Despite a $1 million bounty being launched by Euler for information leading to the hacker’s arrest, the protocol’s hacker began moving funds through crypto mixer Tornado Cash on March 16.
In his recent Twitter thread, Bentley expressed his disappointment and thanked security experts who are “working on leads” for the investigation.