← Euler Finance3 decisions on this page
Audit log
Every state-changing event for Euler Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1publishby system:backfill2026-05-30 18:25:14ZScore: ? → ? (no score change)anchoranchored
- chain
- ●mainnet-betaslot 423,210,416
- sig
21p2H4mnzBcH…3rRG1B2xexplorer ↗- hash
7HhXRHU56n7H…ewg2aowPsha256 → base58
verifying row…full verify ↗canonical bytes (9377 B) ▸
{"actor":"system:backfill","investigation_id":"04f904e4-8932-42bf-92cb-e7a23d2f99b2","kind":"publish","page_slug":"euler-finance","published_at":"2026-05-30T18:25:14.034Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Euler Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.euler.finance/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/linked/150447/haun-ventures-leads-32-million-round-in-ethereum-protocol-euler","type":"other","url":""},{"credibility":3,"name":"https://oakresearch.io/en/reports/protocols/euler-v2-eul-comprehensive-overview-modular-lending-ecosystem","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.bloomberg.com/news/articles/2023-03-13/defi-s-euler-finance-hit-by-197-million-hack-experts-say","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/cryptocurrency-heist-de-fi-euler","type":"other","url":""},{"credibility":3,"name":"https://www.coinbase.com/blog/euler-compromise-investigation-part-1-the-exploit","type":"other","url":""},{"credibility":3,"name":"https://blocksec.com/blog/euler-finance-incident-the-largest-hack-of-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/20684043/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/249413/euler-finance-whitehat-unknowingly-caused-200-million-hack","type":"other","url":""},{"credibility":3,"name":"https://hacken.io/discover/euler-finance-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.cyfrin.io/blog/how-did-the-euler-finance-hack-happen-hack-analysis","type":"other","url":""},{"credibility":3,"name":"https://euler.finance/blog/securing-euler","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.euler.finance/blog/war-peace-behind-the-scenes-of-eulers-240m-exploit-recovery","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/crypto/2023/04/06/how-an-elite-team-pressured-a-hacker-to-return-200m-he-stole-from-defi-platorm-euler/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2023/03/28/hacker-behind-200m-euler-attack-apologizes-returns-millions-in-ether-dai-to-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/04/12/euler-finance-lets-users-redeem-recovered-funds-following-200m-theft","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/125373/euler-finance-exploiter-returns-recoverable-funds-200m-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/03/21/hacker-vs-hacker-north-koreans-attempt-to-phish-euler-exploiter-of-200m-in-crypto-experts-say","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/interaction-detected-between-wallet-tied-to-euler-finance-exploiter-and-north-koreas-lazarus-group/","type":"other","url":""},{"credibility":3,"name":"https://www.euler.finance/blog/war-peace-behind-the-scenes-of-eulers-240m-exploit-recovery","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blockworks.co/news/euler-labs-risk-head-resigns/","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/eulers-head-of-risk-resigns-saying-not-much-i-can-help-them-with/","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/people/euler-ceo-michael-bentley-steps-down","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/314655/euler-launches-v2-modular-defi-lending-protocol-following-hack","type":"other","url":""},{"credibility":3,"name":"https://www.euler.finance/blog/euler-v2-the-new-modular-age-of-defi","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2025/03/14/euler-looks-to-build-on-v2-s-defi-lending-comeback-story","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/euler-finance-exploit-comeback","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/euler-v2","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinmarketcap.com/currencies/euler-finance/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/euler-v2","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2026/04/20/defi-tvl-drops-more-than-usd13-billion-in-two-days-following-kelp-dao-hack","type":"other","url":""},{"credibility":3,"name":"https://www.euler.finance/risk-disclosures","type":"other","url":""}]}],"sources_used":[],"summary":"Euler Finance is an Ethereum-based non-custodial lending protocol founded in 2020 by Michael Bentley (PhD, Oxford) that pioneered permissionless lending for long-tail ERC-20 assets. On March 13, 2023, the protocol suffered a ~$197 million flash loan exploit — the largest DeFi hack of 2023 — caused by a missing health check in the donateToReserves() function. In an unusual outcome, the attacker, who communicated under the alias 'Jacob,' returned approximately $240 million in assets (including ETH price appreciation) over three weeks following on-chain negotiations, enabling full user restitution. The protocol relaunched as Euler V2 in September 2024 with a modular architecture, 45+ security audits, and subsequently grew TVL to over $1.5 billion by early 2025.","timeline":[{"date":"2020-09-01","event":"Euler Labs incorporated; development of permissionless DeFi lending protocol begins.","source":""},{"date":"2021-08-25","event":"Euler raises ~$8 million in Series A funding, with Paradigm as a lead investor.","source":""},{"date":"2021-05-01","event":"First audit engagements begin; Halborn, Solidified, and other firms begin reviewing Euler smart contracts.","source":""},{"date":"2022-06-07","event":"Euler raises $32 million Series B led by Haun Ventures; investors include FTX Ventures, Coinbase Ventures, Jump Crypto, and Jane Street.","source":""},{"date":"2022-07-01","event":"Whitehat researcher Kankodu reports 'first depositor' bug via Immunefi bug bounty; awarded $50,000. Euler deploys fix introducing donateToReserves() function.","source":""},{"date":"2022-09-01","event":"WatchPug audit of donateToReserves() function conducted; missing solvency check not identified. Vulnerable code deployed on mainnet.","source":""},{"date":"2023-03-13","event":"Flash loan exploit drains ~$197 million from Euler Finance across stETH, USDC, WBTC, and DAI. Euler pauses vulnerable module same day. Lazarus Group wallet interaction flagged by on-chain analysts.","source":""},{"date":"2023-03-14","event":"Euler offers $1 million bounty for information on attacker identity. On-chain ultimatum demands return of 90% of funds within 24 hours.","source":""},{"date":"2023-03-18","event":"Attacker returns first tranche: 3,000 ETH (~$5.3 million). On-chain negotiations continue.","source":""},{"date":"2023-03-21","event":"Lazarus Group operatives allegedly attempt phishing attack against the Euler exploiter's wallet; investigators treat this as a false flag, not evidence of affiliation.","source":""},{"date":"2023-03-25","event":"Attacker returns 51,000 ETH (~$90 million) in major tranche.","source":""},{"date":"2023-03-28","event":"Attacker returns additional 7,000 ETH and $10 million DAI. On-chain apology sent by exploiter using alias 'Jacob.'","source":""},{"date":"2023-04-03","event":"Final tranche of stolen funds returned. Total recovered: ~$240 million (exceeding original $197 million due to ETH price appreciation).","source":""},{"date":"2023-04-12","event":"Euler opens user redemptions, allowing affected depositors to claim recovered funds. No net user losses recorded.","source":""},{"date":"2023-04-19","event":"Seraphim Czecker, Head of Risk at Euler Labs, publicly resigns approximately one month after the hack.","source":""},{"date":"2024-02-01","event":"Euler V2 architecture publicly announced; development and security audit program underway.","source":""},{"date":"2024-09-01","event":"Euler V2 launches on Ethereum mainnet following 45 audit engagements across 13 firms, a $1.25M Cantina code competition, and a $3.5M CTF challenge. TVL begins rapid growth from ~$4.5 million.","source":""},{"date":"2025-03-01","event":"Euler V2 TVL surpasses $1 billion, exceeding the V1 historical peak of $323 million. EUL token rises ~70% in Q1 2025.","source":""},{"date":"2026-01-12","event":"Co-founder and CEO Michael Bentley announces step-down from CEO role; Jonathan Han named incoming CEO.","source":""},{"date":"2026-04-19","event":"KelpDAO bridge exploit ($292 million). Euler proactively freezes rsETH-collateralized lending markets to limit protocol exposure.","source":""}]},"v":1}Verify offline (run on your own machine)python -m src.verify_decision d1c903b7-75cc-48a3-a888-f4ca2d8b767e - #2reviewby reviewerreviewer2026-06-08 22:49:05ZScore: 58 → 58 (no score change)The Euler Finance investigation page is largely accurate on its major claims — the exploit date, amount, mechanism, fund recovery, attacker alias, and leadership transitions are all confirmed by credible independent sources. Key areas of imprecision include: the V2 audit count (page says '45+' but contemporaneous launch reporting cited 29-31); the TVL '$1.5 billion by early 2025' claim (the peak was late April 2025, and has since receded to ~$273M); the Lazarus Group wallet interaction is misattributed to March 13 (it occurred March 17); and the V1 historical TVL peak of '$323 million' is unverifiable and likely understated based on other sources. A notable gap is the absence of any discussion of the alleged attacker identity (named in at least one security firm's report) and the current sharp TVL decline from the claimed peak.anchoranchored
- chain
- ●mainnet-betaslot 425,204,259
- sig
31TFPyXvmL7j…fZ8yFNTcexplorer ↗- hash
G6ppdrs1sUNJ…uNoSvTzFsha256 → base58
verifying row…full verify ↗canonical bytes (1188 B) ▸
{"actor":"reviewer","decided_at":"2026-06-08T22:49:05.857Z","decision":"review","investigation_id":"04f904e4-8932-42bf-92cb-e7a23d2f99b2","new_score":58,"page_slug":"euler-finance","prev_score":58,"reason":"The Euler Finance investigation page is largely accurate on its major claims — the exploit date, amount, mechanism, fund recovery, attacker alias, and leadership transitions are all confirmed by credible independent sources. Key areas of imprecision include: the V2 audit count (page says '45+' but contemporaneous launch reporting cited 29-31); the TVL '$1.5 billion by early 2025' claim (the peak was late April 2025, and has since receded to ~$273M); the Lazarus Group wallet interaction is misattributed to March 13 (it occurred March 17); and the V1 historical TVL peak of '$323 million' is unverifiable and likely understated based on other sources. A notable gap is the absence of any discussion of the alleged attacker identity (named in at least one security firm's report) and the current sharp TVL decline from the claimed peak.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision 9ee63144-4869-4819-83dd-6a520e7e18be - #3review approveby judgejudge2026-06-08 22:49:06ZScore: 58 → 58 (no score change)The review found 14 of 24 claims fully confirmed and 8 partially supported, producing a disputed_pct of 8.3% — within the 0–10% approval band. The single formally disputed claim (claim_findings[14]) is a 4-day date discrepancy: the page places the Lazarus Group wallet interaction on March 13, 2023, while Tier 1 sources from Chainalysis and CoinDesk consistently date it to March 17. This is a peripheral detail and does not affect the core exploit narrative. The partially supported claims are directionally accurate but imprecise — notably, the '45+ audits' figure reflects post-launch retrospective counting (contemporaneous launch reports cited 29–31), and the '$1.5 billion TVL by early 2025' claim misattributes a late-April 2025 peak and omits the subsequent decline to approximately $273 million as of June 2026. A high-priority coverage gap on the alleged attacker identity (named in at least one security firm's report) is flagged for expansion; per platform policy, open coverage gaps are grounds for revision, not denial.anchoranchored
- chain
- ●mainnet-betaslot 425,204,262
- sig
5UFAwynkvMrW…8G9Z3HYsexplorer ↗- hash
3VS5GwxUjeFx…z5AQA6hmsha256 → base58
verifying row…full verify ↗canonical bytes (1388 B) ▸
{"actor":"judge","decided_at":"2026-06-08T22:49:05.857Z","decision":"review_approve","investigation_id":"04f904e4-8932-42bf-92cb-e7a23d2f99b2","new_score":58,"page_slug":"euler-finance","prev_score":58,"reason":"The review found 14 of 24 claims fully confirmed and 8 partially supported, producing a disputed_pct of 8.3% — within the 0–10% approval band. The single formally disputed claim (claim_findings[14]) is a 4-day date discrepancy: the page places the Lazarus Group wallet interaction on March 13, 2023, while Tier 1 sources from Chainalysis and CoinDesk consistently date it to March 17. This is a peripheral detail and does not affect the core exploit narrative. The partially supported claims are directionally accurate but imprecise — notably, the '45+ audits' figure reflects post-launch retrospective counting (contemporaneous launch reports cited 29–31), and the '$1.5 billion TVL by early 2025' claim misattributes a late-April 2025 peak and omits the subsequent decline to approximately $273 million as of June 2026. A high-priority coverage gap on the alleged attacker identity (named in at least one security firm's report) is flagged for expansion; per platform policy, open coverage gaps are grounds for revision, not denial.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision 57f2c186-2972-40c2-9fff-66ff80341ca2
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.