Euler Finance was attacked by a Hacker for 200 million dollars, causing multiple DeFi projects to be affected in a chain reaction.

Euler Finance, as one of the rare innovative decentralized finance projects after DeFi Summer, is unique in that it categorizes assets into different tiers based on risk, with each tier having different lending permissions. However, on March 13, the project suffered a hacker attack, resulting in a loss of approximately $200 million.

As a foundational lending protocol, the security of Euler is particularly important. Due to the composability feature of DeFi, this attack not only affected Euler itself but also impacted several other DeFi projects, resulting in tens of millions of dollars in collateral damage.

Angle Protocol is a decentralized project focused on non-USD stablecoins, primarily issuing the Euro stablecoin agEUR. Users can mint agEUR in two ways: first, by exchanging stablecoins like USDC 1:1 through the core module, where the price fluctuation risk is borne by the hedging agent of the leveraged trading exchange rate; second, by over-collateralizing assets like WETH through the lending module to mint. To enhance project returns and incentivize holders, Angle has developed yield strategies that put the collateral used for minting agEUR in the core module to work, with Euler being one of the important destinations for funds.

In this attack, Angle estimates a loss of approximately $17.61 million. Although the project previously had a surplus of $5.58 million, it still cannot fully cover the losses. Therefore, agEUR holders, liquidity providers, and the funds of hedge tokens will be treated as a whole and compensated proportionally. Users who minted agEUR through the lending module can still repay their loans and redeem their collateral.

A certain decentralized exchange lost 11.9 million USD due to bbeUSD (Euler Boosted USD). The exchange launched the Boosted Pools innovation in December 2021, aiming to enhance the yield for liquidity providers and facilitate users' entry and exit from lending protocols. Boosted Pools deposit part of the funds into lending protocols, while the remaining part is used for user trading.

In the Boosted Euler USD pool of this exchange, users can deposit three stablecoins: USDT, USDC, and DAI. These funds will be deposited into Euler, and users will receive LP tokens bbeUSD. bbeUSD can be paired with other tokens to participate in liquidity mining. However, this design also increases the scale of the losses incurred. Apart from the Boosted Euler USDC pool, LPs using bbeUSD in the trading pairs wstETH/bbeUSD, rETH/bbeUSD, TEMPLE/bbeUSD, and DOLA/bbeUSD can only redeem a portion of their funds.

Idle Finance, as a yield aggregator, offers three yield strategies: Best Yield, Senior Tranches, and Junior Tranches. Junior Tranches carry higher risk and yield, and may need to bear losses before Senior Tranches in the event of a security incident. Idle Finance automatically invests funds such as DAI, USDT, and ETH into multiple projects to generate yield and reinvest. Due to its preference for high-yield strategies, Euler Finance has become an important partner for Idle Finance. In this attack, Idle Finance's risk exposure to Euler in the Best Yield Vault and Yield Tranches was $5.3271 million and $5.6628 million, respectively, totaling approximately $10.99 million.

Yield Protocol is a fixed-rate lending protocol that operates similarly to zero-coupon bonds. Depositors receive fyTokens, which can be redeemed for the underlying asset at a 1:1 ratio after the maturity date and can be traded at a discount before maturity. The liquidity pool of Yield Protocol is built on top of Euler, with some funds deposited into Euler and some held in fyTokens. Before the attack, the funds deposited in Euler that were affected were less than $1.5 million, while the collateral of borrowers remained unaffected as it was held in Yield Protocol.

A certain yield aggregator stated that its yvUSDT and yvUSDC have a total risk exposure of 1.38 million USD to Euler due to the strategies using Idle and Angle. The resulting bad debts will be borne by the project's Treasury, and all Vaults are still operating normally.

Another yield aggregator mentioned that its USDC, USDT, and WETH Vaults are affected due to the use of Idle, but has not yet announced a specific handling plan, and advises users not to interact with these Vaults for the time being.

A certain USD stablecoin project suffered losses due to its stablecoin on the DOLA/bbeUSD trading pair on a decentralized exchange. The project stated that despite taking proactive measures to mitigate losses, it still lost $860,000 in funds.

A cryptocurrency asset management platform licensed by regulators in Switzerland, France, and Estonia has stated that its Earn strategy suffered partial losses in ETH and USDT, amounting to 1617.23 ETH and approximately 1.69 million USDT, which account for 2.27% and 29.52% of the subscribed capital, respectively. The platform will bear all losses.

The Zen Bull strategy developed by a certain decentralized options protocol has been affected. This strategy combines the Crab strategy and leveraged long positions in ETH, suitable for low-volatility markets where ETH prices are on an upward trend. Since the strategy requires collateral assets to leverage purchase ETH, it may involve collateralized borrowing in Euler, leading to losses. Currently, the protocol has not disclosed the specific amount of losses or the resolution plan.

As a DeFi security provider, a certain protocol previously reached a $10 million collaboration with Euler, responsible for auditing Euler's smart contracts and providing insurance. After Euler was attacked, the protocol has voted to pay $4.5 million to Euler and has executed a $3.3 million compensation.

Another fixed-rate lending protocol is indirectly affected by fixed-income assets such as trading Idle.