On April 12, Ethereum-based noncustodial lending protocol Euler Finance announced that it would open redemptions after hackers returned the vast majority of assets stolen in a $197 million flash loan exploit last month.
Euler says it will repay all sub-account liabilities at the block the protocol was disabled on March 13. The on-chain price oracle, provided by either Uniswap or Chainlink, will determine the Ether (ETH) value of assets and liabilities. The company explained:
“Markets that have bad debt in excess of reserves (a few long-tail markets that suffered oracle attacks) will have the bad debt proportionally distributed amongst depositors in the market.”
Euler has created a smart contract containing funds for all exploited addresses, with an embedded Merkle tree. In order for redemptions to be processed, users’ addresses need to pass the Merkle proof of validity and “an acceptance token that is individually computed for each account, and confirms that the account holder agrees with the terms and conditions.”
Magazine: Should crypto projects ever negotiate with hackers? Probably
On April 4, the Euler Finance hacker returned nearly all recoverable funds following an ultimatum from project developers to either return 90% of stolen assets or face legal action. Following a brief lapse in communication, Euler launched a $1 million bounty for information leading to the whereabouts of the stolen funds and the hacker’s identity, which prompted the latter to return assets. In addition, a user convinced the hacker that he had lost his life savings due to the exploit, which prompted the hacker to return 100 ETH to the individual, who subsequently donated 12 ETH to the Euler treasury.
Redemptions open at 2:00 UTC.— Euler Labs (@eulerfinance) April 12, 2023
Check your redemption numbers:https://t.co/fAJr5Qdv1w
Check out the redemption plan: https://t.co/riAcyz8Wf0
A total of 95,556 ETH and 43 million DAI (DAI) have been recovered, with the amount being higher than the initial exploited total due to the rising price action of Ether within the past month. Additionally, 1,100 ETH was labeled irrecoverable after the hacker sent the coins to cryptocurrency mixer Tornado Cash.
Related: Euler Finance attack: How it happened, and what can be learned