On March 13, Decentralized finance lending protocol (DeFi), Euler Finance was the target of an attack that resulted in a loss of about $200 million. This attack was not necessarily a hack but a sly usage of flash loans. The losses were spread among four exchanges, including dai (DAI), wrapped Bitcoin (WBTC), staked ether (sETH), and USDC. The attacker carried out the attack with the help of a flash loan.
While last year, on March 29, 2022, the gaming-focused Ronin incurred a loss of over $625 million in USDC and ether (ETH). The attack targeted Ronin validator nodes for Sky Mavis, the developers of the famous Axie Infinity game, and the Axie DAO. According to Etherscan, the attacker used hacked private keys to generate bogus withdrawals from the Ronin bridge spanning two transactions.
The addresses associated with the two attacks recently started initiating contact with each other. The reason for such contact is still unclear. Lookonchain, an on-chain analyst, reported that an address held by the user who hacked Euler Finance’s protocol delivered 100 Ether ($170,515) to a wallet related to the Ronin network hack by Lazarus Group. The question also came up if the transaction indicated that the hackers of the two attacks were the same person or if the transfer was intentional.
Lazarus Group is an infamous group of hackers from North Korea. The Lazarus gang has conducted several attacks across the years, where most of the attacks include disruption, sabotage, financial theft, or espionage. There are other “spin-off” organisations inside the organisation that specialise in specific types of assaults and targets.
Euler had ten audits from six different organisations, including a front-end audit, which is rare in a defi protocol. It appeared to be quite safe and solid. And the majority of these auditors are already doing automated scans across the code to detect the most prevalent issues.
According to Euler Labs CEO Michael Bentley also took to Twitter to defend the protocol “Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited.”
The Lazarus gang has carried out various assaults throughout the years, with the majority of them including disruption, sabotage, money theft, or espionage. Several “spin-off” organisations within the organisation specialise in certain sorts of attacks and targets. In April 2022, the U.S. Department of the Treasury updated its list of designated entities adding the name of Lazarus Group to it.