{"id":84116,"date":"2023-09-07T10:58:32","date_gmt":"2023-09-07T07:58:32","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=84116"},"modified":"2025-09-12T15:26:18","modified_gmt":"2025-09-12T12:26:18","slug":"white-hat-hacker-explains-the-cause-of-euler-finances-200-million-exploit","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/white-hat-hacker-explains-the-cause-of-euler-finances-200-million-exploit\/","title":{"rendered":"White-hat hacker explains the cause of Euler Finance&#8217;s $200 million exploit"},"content":{"rendered":"<p>Fixing the vulnerability identified in Euler Finance&#8217;s DeFi protocol led to the emergence of another bug. In March, an unknown attacker used it <a href=\"https:\/\/forklog.com\/en\/news\/euler-finance-hacked-for-196-million\">in a $200 million attack<\/a>, said the white-hat hacker known as Kankodu.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/q1jpVQnJQo4OG4QFTGddy_adHnvGDiEcVdLsWzACZLCRs0e6ClrcBTHFSpEklnE5D6KxOPJgsMJdIBRj4eqnr0CZrTIvpPScqPXkh34BCTbBoFygDSWum1Aq2fYM9qpr13CNUj7zEEgOUqZt02wZVks\" alt=\"White-hat hacker names the cause of the $200 million Euler Finance exploit\"\/><figcaption class=\"wp-element-caption\">Data: <a href=\"https:\/\/twitter.com\/kankodu\/status\/1698992720637997305\">X<\/a>.<\/figcaption><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cFixing the bug I disclosed ended up introducing the function responsible for the breach,\u201d the expert wrote.<\/p>\n<\/blockquote>\n<p>According to him, in June 2022 he alerted the developers to the \u201cfirst-deposit bug.\u201d The lending protocol allows users to borrow assets, receiving eToken tokens at the exchange rate. 
The vulnerability discovered by Kankodu enabled him to artificially inflate quotes and withdraw all the coins.<\/p>\n<p>The Euler Finance team awarded him a $50,000 bounty. On Immunefi&#8217;s white-hat leaderboard, the expert ranks 17th with 28 paid reports and earnings of $688,840.<\/p>\n<p>To fix the vulnerability, the developers of the DeFi project made changes to the protocol so that all new eToken tokens initialize with a total collateral buffer of 1 million wei. This mirrored the Uniswap v2 approach and made the attack economically infeasible, according to Kankodu.<\/p>\n<p>For existing coins with reserves above 1 million wei, no action was necessary. For another scenario, the developers implemented the donateToReserves function aimed at increasing collateral above 1 million wei. It was this function, in combination with the protocol&#8217;s liquidation mechanism, that the attacker exploited, the expert said.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThis serves as a costly lesson, as even small bug fixes carry the same importance as major updates such as a new version of the protocol,\u201d emphasised Kankodu.<\/p>\n<\/blockquote>\n<p>As noted, the Euler Finance hacker <a href=\"https:\/\/forklog.com\/en\/news\/euler-finance-hacker-returns-remaining-31-million-to-the-project\">returned to the project<\/a> almost the entire stolen amount, keeping about $19 million as the agreed reward.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fixing the vulnerability identified in Euler Finance&#8217;s DeFi protocol led to the emergence of another bug. 
In March, an unknown attacker used it in a $200 million attack, said the white-hat hacker known as Kankodu.<\/p>\n","protected":false},"author":1,"featured_media":84117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093,1195],"class_list":["post-84116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi","tag-white-hat-hackers"],"aioseo_notices":[],"amp_enabled":true,"views":"37","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=84116"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84116\/revisions"}],"predecessor-version":[{"id":84118,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84116\/revisions\/84118"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/84117"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=84116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=84116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=84116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}
","templated":true}]}}