Verify a decision

{"actor":"system:backfill","investigation_id":"f33e91a4-0b1f-4ec9-925b-da21e05a4068","kind":"publish","page_slug":"euler-v1","published_at":"2026-05-20T18:44:20.046Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Euler V1","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://tokenterminal.com/resources/interview/interview-with-euler-finance-ceo-michael-bentley"},{"credibility":3,"name":"","type":"other","url":"https://www.gate.com/learn/articles/what-is-euler-finance-all-you-need-to-know-about-eul/5605"},{"credibility":3,"name":"","type":"other","url":"https://messari.io/project/euler-finance"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/219196/euler-finance-flash-loan-attacked-for-an-estimated-197-million"},{"credibility":3,"name":"","type":"other","url":"https://www.bloomberg.com/news/articles/2023-03-13/defi-s-euler-finance-hit-by-197-million-hack-experts-say"},{"credibility":3,"name":"","type":"other","url":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/4iSrYY6HoaYxk1aKyjFb5v-euler-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.cyfrin.io/blog/how-did-the-euler-finance-hack-happen-hack-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.zellic.io/blog/euler-finance-exploit-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://blocksec.com/blog/euler-finance-incident-the-largest-hack-of-2023"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://etherscan.io/tx/0x62bd3d31a7b75c098ccf28bc4d4af8c4a191b4b9e451fab4232258079e8b18c4"},{"credibility":3,"name":"","type":"other","url":"https://etherscan.io/address/0xb2698c2d99ad2c302a95a8db26b08d17a77cedd4"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2023/03/21/hacker-vs-hacker-north-koreans-attempt-to-phish-euler-exploiter-of-200m-in-crypto-experts-say"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/north-korean-lazarus-group-tries-to-phish-euler-exploiter/"},{"credibility":3,"name":"","type":"other","url":"https://www.coinbase.com/blog/euler-compromise-investigation-part-1-the-exploit"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2023/04/03/euler-says-all-recoverable-funds-stolen-in-200m-hack-have-been-returned"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2023/03/28/hacker-behind-200m-euler-attack-apologizes-returns-millions-in-ether-dai-to-protocol"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/224705/euler-hacker-returns-funds"},{"credibility":3,"name":"","type":"other","url":"https://www.euler.finance/blog/war-peace-behind-the-scenes-of-eulers-240m-exploit-recovery"},{"credibility":3,"name":"","type":"other","url":"https://fortune.com/crypto/2023/04/06/how-an-elite-team-pressured-a-hacker-to-return-200m-he-stole-from-defi-platorm-euler/"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/125373/euler-finance-exploiter-returns-recoverable-funds-200m-hack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/314655/euler-launches-v2-modular-defi-lending-protocol-following-hack"},{"credibility":3,"name":"","type":"other","url":"https://blockworks.com/news/euler-finance-exploit-comeback"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/people/euler-ceo-michael-bentley-steps-down"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/euler-co-founder-lost-38m-worth-of-governance-tokens-after-hardware-failure/"},{"credibility":3,"name":"","type":"other","url":"https://www.ibtimes.com/exclusive-euler-labs-ceo-overcoming-exploit-re-emergence-security-first-v2-3741973"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@omniscia.io/euler-finance-incident-post-mortem-1ce077c28454"},{"credibility":3,"name":"","type":"other","url":"https://olympixai.medium.com/eulers-197m-collapse-shows-why-invariants-matter-more-than-audits-451da9026e12"},{"credibility":3,"name":"","type":"other","url":"https://www.euler.finance/blog/securing-euler"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/euler-finance-attack-how-it-happened-and-what-can-be-learned"}]}],"sources_used":[],"summary":"Euler Finance V1 was a permissionless DeFi lending protocol on Ethereum that launched in December 2021 and was exploited for approximately $197 million on March 13, 2023, in what was the largest DeFi hack of that year. The attack exploited a missing health check in the donateToReserves function introduced in EIP-14, despite the codebase having undergone multiple external audits. In a highly unusual outcome, the pseudonymous attacker known as 'Jacob' returned all recoverable funds by April 3, 2023, with the total recovered value reaching approximately $240 million due to ETH price appreciation during the recovery period.","timeline":[{"date":"2020-01-01","event":"Euler Finance whitepaper published by founders including Michael Bentley.","source":""},{"date":"2021-01-01","event":"Euler Finance testnet launched.","source":""},{"date":"2021-12-01","event":"Euler Finance V1 launches on Ethereum mainnet.","source":""},{"date":"2022-07-01","event":"WatchPug audits EIP-14 upgrade for Sherlock; audit does not identify the donateToReserves vulnerability.","source":""},{"date":"2023-03-13","event":"Euler Finance V1 exploited via flash loan attack; approximately $197 million drained across DAI, USDC, stETH, and WBTC. Exploit transaction hash: 0x62bd3d31a7b75c098ccf28bc4d4af8c4a191b4b9e451fab4232258079e8b18c4.","source":""},{"date":"2023-03-13","event":"Euler Labs detects the attack and blocks the vulnerable module; protocol paused.","source":""},{"date":"2023-03-14","event":"Euler Labs announces $1 million reward for information leading to attacker identification and publicly offers attacker a 10% retention bounty (~$19.7M) to return remaining funds.","source":""},{"date":"2023-03-17","event":"Attacker sends 100 ETH to a wallet attributed by OFAC to North Korea's Lazarus Group, raising temporary state-actor attribution concerns.","source":""},{"date":"2023-03-18","event":"First return of funds: approximately 3,000 ETH (~$5.3M) transferred back to Euler.","source":""},{"date":"2023-03-21","event":"Lazarus Group-linked address sends on-chain phishing message to the Euler attacker, according to security researchers.","source":""},{"date":"2023-03-25","event":"Major return: 51,000 ETH (~$90M) returned by the attacker. Attacker using pseudonym 'Jacob' sends on-chain apology.","source":""},{"date":"2023-04-03","event":"Euler Labs announces all recoverable funds have been returned. Total recovered value: approximately $240 million (exceeding $197M stolen due to ETH price appreciation).","source":""},{"date":"2024-02-01","event":"Euler V2 announced following 31 additional security audits and extensive protocol redesign.","source":""},{"date":"2024-09-01","event":"Euler V2 launches on Ethereum mainnet with modular Euler Vault Kit (EVK) and Ethereum Vault Connector (EVC) architecture.","source":""}]},"v":1}