$200 Million Heist Unmasked: Unraveling the Winners & Losers of the Epic Euler Finance Exploit Through Token Flow Analysis
Examining Collateral Value, Token Flow, and the Implications for DeFi Protocols and Players.
Update: As of March 30, the Euler Finance hacker returned $177 million of the stolen $200 million.
Highlight
This report analyzes the historical rise and fall of Euler Finance's collateral value to show how dramatically major events affect DeFi protocols.
We identify the beneficiaries and losers interacting with Euler from different angles based on actual token flow data.
The exploiter, who drained $200 million out of the protocol, is the biggest winner, while many crypto whales and several third-party protocols suffered from this event. Only a few individual addresses came away safely with a profit.
Identifying addresses with large net flows in the list of addresses interacting with the protocol can give us some insights.
Background
As of the writing date, Euler Finance's dashboard shows that most of the collateral has been drained as a result of the recent large-scale attack on the protocol on March 13, 2023. According to @peckshield's statistics, the total loss from this attack is around $197 million, and two exploiters conducted six successful attack transactions.
Interestingly, the first attack transaction came from a front-running bot, which could not withdraw the proceeds to its own address because of the withdrawal restriction set by the actual attacker. This transaction is a case of long-tail MEV in which the front-runner reinvented the wheel but got nothing.
We detect and analyze the main related parties interacting with Euler Finance from the perspective of token flow. If Euler Finance cannot recover the assets drained by the attacker, the LPs that provide liquidity on this platform suffer losses from third-party risk. Of course, some participants may have been able to safely withdraw their liquidity before this happened.
Based on the asset flow of nine collateral tokens accepted by Euler Vault 0x2718, we analyze the historical rise and fall of Euler Finance's collateral value and try to identify the beneficiaries and losers in the process.
The rise and fall of Euler Finance's Collateral Value
As Euler Finance maintains all collateral in a single vault contract address, any fluctuations in the overall value of the collateral can be determined by analyzing transfer logs from blockchain transactions. Therefore, our analysis focuses solely on the movement of nine specific collateral tokens into and out of Euler, with values denominated in USD based on quotes obtained from Chainlink (for DAI, USDC, USDT, WETH, WBTC, stETH) and Coinmarketcap (for cbETH, rETH, and wstETH). Other tokens are excluded from our analysis.
The figure below illustrates the historical changes in Euler Finance’s collateral value starting from December 11, 2021. The overall trend shows an increase in the size of funds deposited to the vault contract in the first half of 2022. In June 2022, its value significantly increased with a large influx of funds. However, it faced two pullbacks in the second half of the year, and the drop in November 2022 coincided with the collapse of FTX.
In the first quarter of 2023, however, the collateral value rebounded to nearly its all-time high of $349 million. But when exploiters found a loophole in the protocol design, they removed most of the collateral. As a result, on March 13, when the attack occurred, the total balance of these nine collateral tokens plummeted to just $31.7 million.
The pattern of the entire curve is consistent with the result shown on DefiLlama, which also provides a more detailed panel showing the distribution and evolution of Euler's TVL.
Exploiters' gain: The biggest winner
The attacker is undoubtedly the biggest winner here. Next, we examine token flows involving the exploiters' addresses. The following two tables display the volume of tokens transferred to and from the Euler contract, interacting with the exploiters' addresses. We also verified the timing of these transfers and confirmed that they all took place during the incident.
The exploiters transferred funds with the Euler contract on six tokens: DAI, USDC, WETH, stETH, and wstETH. Each address either moved funds into the contract or out of it. In total, the exploiters' addresses transferred $740.28 million to the Euler contract, while the Euler contract transferred $944.75 million to the exploiters' addresses. As a result, the exploiters gained $204.46 million from Euler Finance, aligning closely with third-party data.
Even more noteworthy is that most of the exploiters' attack costs came from a flash loan, making it an excellent deal.
Did crypto whales in June profit from Euler?
The total collateral value deposited into Euler's vault contract experienced a dramatic rise in June 2022, indicating the entry of crypto whales. We examined crypto whale addresses that transferred over $1 million to Euler Finance between June 1st and June 11th. By analyzing their trading characteristics, we calculated whether they ultimately profited. The figure below displays the collateral value of 22 addresses identified based on our filtering rule. During this time, the top whale deposited over $100 million in collateral tokens, primarily in DAI, while other whales favored depositing USDC, WETH, and wstETH.
Let's delve deeper into the daily and amount distribution of these whales as they carry out transfer-in and transfer-out operations. We can see that the top whale, 0xb84c, invested over $100 million on a single day in June and didn't begin withdrawing assets until September, with numerous withdrawals during the FTX panic in November. A few addresses, such as 0x1111, appear to be public service contracts, displaying more frequent and regular operations. We have verified that 0x1111 is the aggregation router for 1inch v4.
By tallying all historical asset flows and net changes of these addresses in their interactions with Euler and identifying the corresponding entities for the addresses, we discovered that most addresses belong to crypto whales with significant assets or DeFi degens experienced in interacting with DeFi protocols. Apart from a few addresses that managed to preserve themselves, most experienced a loss of 5%-10%. Some addresses even endured losses of more than 20%.
We cannot dismiss the possibility that these addresses deposited these mainstream assets and lent out some long-tail tokens. However, since the TVL of long-tail tokens in the Euler vault is relatively small, we can consider it negligible.
Other Related Parties
The token flows resulting from the interactions between exploiters and Euler Finance exhibit the following features:
Significant net change in fund flow
Transfer interactions comprising purely inflows or outflows
Brief periods of interaction between the address and the Euler contract
We evaluate the effectiveness of these features in identifying other notable stakeholders.
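An added example, not code from the original report: one way to compute the three features above from USD-priced transfer logs, in Python. The `entity_of` mapping, the one-day `brief_seconds` cutoff and the sample logs are assumptions made for illustration; the $1 million threshold and the vault address come from the report.

```python
from collections import defaultdict

# Euler vault address from Appendix I, lowercased for comparison.
VAULT = "0x27182842E098f60e3D576794A5bFFb0777E025d3".lower()

def summarize(transfers, entity_of=None, vault=VAULT):
    """Aggregate USD-priced ERC-20 Transfer logs that touch the vault.

    transfers: iterable of (unix_ts, sender, recipient, usd_value).
    entity_of: optional {address: label} merging addresses the analyst
    attributes to one party (hypothetical labelling, not from the report).
    """
    entity_of = {k.lower(): v for k, v in (entity_of or {}).items()}
    stats = defaultdict(lambda: {"in": 0.0, "out": 0.0, "first": None, "last": None})
    for ts, src, dst, usd in transfers:
        src, dst = src.lower(), dst.lower()
        if (src == vault) == (dst == vault):
            continue  # skip logs that do not cross the vault boundary
        party = dst if src == vault else src
        s = stats[entity_of.get(party, party)]
        s["out" if src == vault else "in"] += usd  # "in" = sent into the vault
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(stats)

def features(s, net_threshold=1_000_000, brief_seconds=24 * 3600):
    """The three listed features; brief_seconds is an assumed cutoff."""
    net = s["out"] - s["in"]  # positive: party took out more than it put in
    direction = "pure_in" if s["out"] == 0 else "pure_out" if s["in"] == 0 else "mixed"
    return {"net_usd": net, "large_net": abs(net) > net_threshold,
            "direction": direction, "brief": s["last"] - s["first"] <= brief_seconds}

# Constructed sample logs: addresses, timestamps and values are made up.
SAMPLE = [
    (1_000, "0xA1", VAULT, 30_000_000.0),  # contract A1 only sends to the vault
    (1_012, VAULT, "0xA2", 38_500_000.0),  # contract A2 only receives from it
    (500, "0xB1", VAULT, 2_300_000.0),     # long-term depositor
    (900_000, VAULT, "0xB1", 40_000.0),    # small withdrawal much later
    (2_000, "0xC1", "0xC2", 5_000_000.0),  # does not touch the vault, ignored
]

if __name__ == "__main__":
    grouping = {"0xA1": "entity-A", "0xA2": "entity-A"}
    for name, s in summarize(SAMPLE, grouping).items():
        print(name, features(s))
```

Without the grouping, `0xA1` and `0xA2` each look like a pure one-way flow; only when merged into one entity does the net gain appear, which is why the unidentified same-entity addresses mentioned later in the report matter for the results.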
Addresses that transferred a net value of over $1 million when interacting with Euler
A total of 5,756 addresses engaged in transfer interactions with the Euler contract, with 64 addresses sending over $1 million to Euler and 22 addresses receiving over $1 million from Euler. From the list of addresses transferring over $1 million to Euler, we identified more crypto whales who experienced losses on this platform. In addition, some third-party protocols that rely on Euler for asset management or value-added services, such as Angel Protocol's contract and EulerLinearPoolRebalancer, appeared on the list. While the composability of DeFi offers modular functionality for these protocols, it also positions them within the risk-contagion network of the DeFi system.
We also discovered individual addresses that lost their investments on this platform, such as crypto whale 0xf703. This investor deposited assets into Euler last November and received airdrop and staking rewards from Euler several times during the process. These small gains may have increased user stickiness, leading the investor to continue depositing assets into Euler until after the attack. Unfortunately, at that point, the investor could only withdraw a few remaining long-tail assets, which did not cover their $2.3 million principal!
Similarly, we can examine the performance of the winners. The dataset below shows that a few winners gained over $1 million from Euler. Most of these are exploiters' contracts, and we should exclude some DEX router addresses. However, one remarkable EOA address, 0x4ce6, achieved a 30%+ return.
Pure Inflows and Outflows
We also noticed addresses displaying either pure transfer-in or pure transfer-out behavior during their interactions with Euler. For example, we found 126 addresses that exclusively transferred funds out of Euler, while 1,196 addresses solely transferred funds into Euler. As a result, the graph below uniformly displays these addresses' net gain/loss and interaction time.
Duration Distribution of Addresses Categorized by Features
When examining the duration of interaction with Euler for addresses with different characteristics, winners seem to favor shorter interaction times. In a volatile market environment, promptly securing profits might be a better strategy. However, due to missing data on address groups in this analysis, some inflow and outflow addresses could belong to the same entity and have not yet been identified. We will research further to correct this.
Appendix
Appendix I: Euler Finance's contract and collaterals
Euler: Token: 0x27182842E098f60e3D576794A5bFFb0777E025d3
DAI: 0x6B175474E89094C44Da98b954EedeAC495271d0F
USDC: 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
USDT: 0xdAC17F958D2ee523a2206206994597C13D831ec7
WSTETH: 0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0
WBTC: 0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599
WETH: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
STETH: 0xae7ab96520DE3A18E5e111B5EaAb095312D7fE84
CBETH: 0xBe9895146f7AF43049ca1c1AE358B0541Ea49704
RETH: 0xae78736Cd615f374D3085123A210448E74Fc6393
Appendix II: Euler Finance exploiters' address list
Appendix III: Tokens involved in Euler Finance Exploit
DAI, eDAI, dDAI, aDAI
WBTC, eWBTC, dWBTC, WETH, ETH
wstETH, ewstETH, dwstETH, stETH, ETH
USDC, eUSDC, dUSDC, aUSDC
stETH, estETH, dstETH, ETH
WETH, eWETH, dWETH, aWETH