DeFi protocol Euler Finance is working with law enforcement and security firms to recover $197 million that was stolen from its platform.

On March 13, Euler confirmed that it had suffered an exploit after several blockchain security firms notified users of the attack. The non-custodial lending platform built on Ethereum raised $32 million in funding last year, with participation from Uniswap, Coinbase and FTX. 

According to analysis from SlowMist, the attacker used flash loans to deposit funds on Euler and then leveraged them to trigger the liquidation logic. To execute this strategy, he donated funds to a reserve address, which were not subject to a liquidity check. The high leverage triggered a soft liquidation, which enabled him to obtain the collateral funds without transferring all of the liabilities. 

The Euler attacker stole $116 million in wrapped staked ETH, $34.2 million in USDC, $18.6 million in wrapped BTC, $12.6 million in wrapped ETH, $8.9 million in DAI and $6 million in staked ETH, noted Igor Igamberdiev, head of research at Wintermute.

The exploit affected some other DeFi protocols that interacted with Euler, including liquidity protocol Balancer.

 Balancer briefly disabled the UI that allows liquidity providers to exit their positions from the Euler Boosted USD pool. While this functionality has now been restored, users won’t be able to withdraw from this pool until Euler restores transferability of collateral tokens or “eTokens.”

Other DeFi protocols, like Angle and Idle Finance, were also impacted by the Euler hack. Angle has $17.6 million USDC trapped in Euler through a generic optimized lender strategy contract, and DeFi yield aggregator Idle Finance has $4.6 million USDC stuck in the protocol.