DeFi ecosystem suffers heavy blow: Euler Finance attack triggers chain reaction

Euler Finance is one of the few innovative DeFi projects in recent years. The project categorizes assets into different levels based on their risk, with each level having unique lending permissions. However, on March 13, Euler Finance suffered a hacker attack, resulting in losses of approximately $200 million.

As a foundational lending protocol, the security of Euler is particularly important. Due to the composability of Decentralized Finance, this attack also caused losses of tens of millions of dollars to several other DeFi projects.

Angle Protocol Hit Hard

Angle Protocol is a decentralized stablecoin project that mainly issues the euro stablecoin agEUR. Users can mint agEUR in two ways: first, by using the core module to exchange stablecoins like USDC on a 1:1 basis; second, by using the lending module to mint with over-collateralization of assets like WETH.

To increase project returns and incentivize holders, Angle has developed a yield strategy that utilizes the collateral used for minting agEUR in the core module to generate yield. Euler is one of the main destinations for these strategies.

Angle estimates a loss of approximately $17.61 million in this attack. Although the project previously had a surplus of $5.58 million, it is still unable to fully offset the loss. agEUR holders, liquidity providers, and the funds of hedge token holders will be treated as a whole and compensated proportionally. Users who minted agEUR through the lending module can still repay their loans and redeem their collateral.

Balancer Affected

As a decentralized exchange, Balancer suffered a loss of 11.9 million USD due to the attack involving bbeUSD (Euler Boosted USD).

Boosted Pools is an innovative feature launched by Balancer in December 2021, aimed at increasing LP yields and facilitating user entry and exit from other protocols. Balancer allocates a portion of the funds in Boosted Pools to lending protocols, while the remaining funds are used to facilitate trading.

In the Balancer Boosted Euler USD pool, users can deposit three stablecoins: USDT, USDC, and DAI. Balancer will deposit these funds into Euler and issue LP tokens bbeUSD to users. bbeUSD can also be paired with other tokens in Balancer to earn liquidity mining rewards.

While promoting the use of bbeUSD, Balancer has also increased the scale of this loss. Apart from the Balancer Boosted Euler USDC pool, LPs of multiple trading pairs using bbeUSD can only redeem a portion of their funds.

Idle Finance suffers heavy losses

Idle Finance, as a yield aggregator, offers three yield strategies: Best Yield, Senior Tranches, and Junior Tranches. Junior Tranches carry higher risk and yield, and may need to bear losses first in the event of a safety incident.

Idle Finance automatically deposits funds such as DAI, USDT, and ETH into multiple projects to earn yields and reinvest. Due to its preference for selecting high-yield strategies, Euler Finance has become an important partner of Idle Finance.

Idle Finance stated that its Best Yield Vault and Yield Tranches have a risk exposure to Euler Finance of $5.3271 million and $5.6628 million, respectively, totaling approximately $10.99 million.

Yield Protocol Affected

Yield Protocol is a fixed-rate lending protocol that operates on a model similar to zero-coupon bonds. Depositors receive fyTokens, which can be redeemed for the underlying asset at a 1:1 ratio after the maturity date. Before maturity, fyTokens can be traded at a discount.

The liquidity pool of Yield Protocol is built on top of Euler, with part of the funds deposited in Euler and part held in fyTokens. The portion deposited in Euler is affected, with expected deposits before the attack being less than $1.5 million. The collateral of the borrowers remains unaffected as it is held in Yield Protocol.

Other Affected Projects

1. Yearn: yvUSDT and yvUSDC have a risk exposure of $1.38 million to Euler due to the strategies using Idle and Angle. Bad debts will be borne by the Yearn Treasury.

2. Harvest: USDC, USDT, WETH Vault are affected by the use of Idle. No handling plan has been announced yet.

3. Inverse Finance: The DOLA/bbeUSD trading pair suffered losses, with DOLA Fed losing $860,000.

4. SwissBorg: The ETH and USDT portions of the Earn strategy suffered losses, including 1617.23 ETH and approximately 1.69 million USDT. SwissBorg will bear all losses.

5. Opyn: The Zen Bull strategy is affected, possibly leading to losses due to collateralized lending on Euler. The specific loss amount and handling methods have not yet been disclosed.

6. Sherlock: As a Decentralized Finance security provider, has voted to compensate Euler with $4.5 million and executed a payout of $3.3 million.

7. Sense Finance: Indirectly affected due to its tradable fixed-income assets such as Idle.

The recent attack on Euler Finance highlights the interconnectedness and potential risks within the Decentralized Finance ecosystem. While innovation brings new opportunities, it also increases the vulnerability of the entire ecosystem. In the future, DeFi projects may need to place greater emphasis on security and risk management while pursuing innovation.