How the Euler Exploit Magnifies the Challenges of DeFi Adoption for Everyday People
When a heavily backed, 10-time audited and safety-first protocol gets hacked for nearly all of its funds, it raises the question of whether any DeFi protocol is truly safe.
by Adam Kreitzman, intern
Introduction
The crypto space has always been hard to navigate for the average person. From scam projects that rug users, to malicious transactions that can drain wallets, to the speed of light at which blockchain projects move, it can be challenging to keep up.
But setting all that aside, how would you advise someone to stay safe when using DeFi projects? The first thing you would tell them is to only use dApps (Decentralized Applications) that have reputable backers and a fully-doxxed core team, and that have received multiple third-party audits confirming that their codebase operates appropriately.
Euler Finance Hack
This has been the recipe for success when establishing credibility within the space. So when Euler Finance, a top-tier lending protocol developed by a fully-doxxed and established team named Euler Labs, with major backers, $200 million in Total Value Locked on its platform, and 10 third-party audits on its codebase, had nearly all $200 million drained in a flash loan attack recently, it left everyone devastated and scratching their heads.
The crypto space was not only lamenting the fact that some lost their life savings in this hack but also the fact that it exposed a glaring weakness in blockchain protocols: You can never be too sure when it comes to smart contract risk. Even a team that did everything the right way and prioritized security from the beginning suffered the horrible fate that gives everyone in the crypto space nightmares.
Fortunately, the exploiter has been in contact with the Euler Labs team and thus far has returned nearly 90% of the stolen funds, while indicating that the rest will follow. But even if this gets resolved in a way where users do not incur losses, it is problematic that the process for returning stolen funds involves a handshake bounty with a pseudonymous hacker, and that this is the best-case scenario for a situation like this.
For those who are unfamiliar with smart contract exploitation in DeFi, there are typically three tiers of hackers.
3 Types of Hackers
White Hat Hackers
The first tier is the white hat hacker. These hackers will typically exploit protocols and then safely hold the funds until the bug that allowed the exploit is patched by the team. Then they promptly return the funds minus a bug bounty that is agreed upon by the team. An example of this was the recent exploitation of Tender.Fi, a lending protocol on Arbitrum, where someone was able to take advantage of a mispriced oracle and subsequently take out $1.5 million in loaned funds despite only posting 1 dollar worth of collateral.
They quickly reached out to the team indicating that they intended to return the funds and were rewarded with roughly 100,000 in ETH as a bug bounty, which the team covered using protocol reserves so that users would be made whole.
This is typically considered to be the optimal outcome, and white hat hackers are looked at favorably seeing that they revealed a protocol-breaking bug and safely held funds while the team patched the bug before someone with worse intentions could find the same bug.
Gray Hat Hackers
The next tier of hackers is the gray hat hacker. These are the hackers who can exploit protocols but whose intentions with the funds are not immediately clear. This was the case with the Euler Finance exploiter, who initially funded the wallets used for exploitation through the sanctioned privacy protocol Tornado Cash, a possible indication that they meant to try to run away with the funds, but who eventually decided that the risk/reward ratio was not worth it.
(Side note: several messages sent on-chain suggest that the hacker was filled with regret from the fallout, but it is also impossible to know the true intentions of the hacker).
The risk/reward ratio is poor because moving that quantity of funds on chain without detection is exceedingly difficult: even the most commonly used technology, mixers such as Tornado Cash, does not completely obfuscate the trail of funds, especially in larger quantities. Since mixers rely on the batching of several transactions to break the link between sender and receiver (a visual depiction is below, but note that significantly more wallets are typically involved), an increase in the quantity of funds makes going undetected far more difficult. Since both the sending and receiving wallets can be seen interacting with the mixer’s smart contract, this gives a basis for detection and leaves the exploiter with two main issues:
If they send too much into the mixer at one time, it might be easier to detect which receiving wallet is theirs, since it will account for a significant amount of the batched volume, so the math would not be difficult to solve.
If they try to use a smaller amount of funds at a time in the mixer, then it will require far more interactions with the contract. For example, the Euler exploiter stole 80,000 ETH. If they decided to use Tornado Cash with 100 ETH at a time, it would require 800 contract interactions to extract the funds, again putting the exploiter’s receiving wallet at risk of detection since they would have significantly more volume of contract interactions compared to others using the mixer.
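As an added illustration (not part of the original article, and not how Tornado Cash or any analytics provider actually works), the two issues above can be expressed as simple heuristics over a mixer's public deposit and withdrawal events. The event format, addresses, amounts and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample events: (kind, address, amount in ETH).
# Addresses and amounts are made up for illustration only.
EVENTS = (
    [("deposit", "0xD1", 5000)]                                # one very large deposit
    + [("deposit", f"0xD{i}", 100) for i in range(2, 12)]      # ten ordinary deposits
    + [("withdraw", "0xW1", 100)] * 40                         # one wallet, 40 withdrawals
    + [("withdraw", f"0xW{i}", 100) for i in range(2, 8)] * 2  # six wallets, 2 each
)

def interactions_needed(total_eth, denomination_eth):
    """Fixed-size mixer interactions needed to move total_eth (ceiling division)."""
    return -(-total_eth // denomination_eth)

def dominant_depositors(events, max_share=0.25):
    """Issue 1: depositors whose volume is an outsized share of the batch."""
    volume = defaultdict(float)
    for kind, addr, amount in events:
        if kind == "deposit":
            volume[addr] += amount
    total = sum(volume.values())
    if total == 0:
        return {}
    return {a: v / total for a, v in volume.items() if v / total > max_share}

def frequent_recipients(events, factor=5):
    """Issue 2: recipients interacting far more often than the typical user."""
    counts = Counter(addr for kind, addr, _ in events if kind == "withdraw")
    if not counts:
        return []
    typical = median(counts.values())
    return sorted(a for a, n in counts.items() if n > factor * typical)

if __name__ == "__main__":
    print("interactions for 80,000 ETH at 100 ETH:", interactions_needed(80_000, 100))
    print("dominant depositors:", dominant_depositors(EVENTS))
    print("frequent recipients:", frequent_recipients(EVENTS))
```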
Naturally, you would think that the apparent solution to this would be spinning up new receiving wallets for every Tornado Cash transaction, which is more or less exactly what a hacker will do. The issue is that to make use of the funds, they will eventually have to be moved to a fiat offramp, and offramps are limited in number and require KYC verification.
So, even if they mixed transactions to an extremely high number of different wallets and spread the offramp withdrawal across multiple different entities, there would still be a trail of breadcrumbs, albeit an extremely complicated one, that someone could eventually follow. Hackers have the ability to make the trail of funds as challenging as possible to crack, but when the quantity of stolen funds is high enough some people will spend years trying to solve the crime.
If you are a hacker who is presented with the choice between stealing $200 million and off-ramping it with a reasonable chance of being caught and arrested, even 5-10 years down the line, or walking away with $20 million and a guarantee that charges will not be brought against you, game theory would dictate that you are more likely to choose the latter, though this is not always the case.
Such is the embodiment of the gray hat hacker.
Black Hat Hackers
Lastly, we have the least altruistic of hackers, which is the black hat hacker. This would be someone who exploits a protocol with zero intention of ever refunding the stolen money. A perfect example of this would be the Lazarus Group, a hacking team that operates out of North Korea and was behind the 450 million dollar hack of Axie Infinity.
While running away with the funds without detection is typically a challenge, in the case of Lazarus, they simply do not care. Entities such as Chainalysis have been able to detect their involvement in several attacks with ease, but since they are in North Korea and likely operating under the instruction of the DPRK, they do not have to worry about arrest or extradition. In fact, the United Nations has actually accused the North Korean government of using stolen digital assets to fund nuclear missile development.
When a black hat hacker steals funds, they are more or less gone forever, and it is essentially the worst possible thing that can happen to a protocol and its users.
How this shapes the landscape of DeFi
The continued improvement of fraud detection and on-chain transaction analysis bodes extremely well for the security of protocols and for the probability of returned funds in the event of an exploit. But for a normal person being exposed to DeFi, the idea that picking the wrong protocol carries a non-zero chance of a huge portion of their money ending up in the North Korean government's nuclear missile fund (if the UN body is accurate in its accusation) is going to be a hard sell, not to mention how institutions will feel.
If we want crypto to continue growing as an asset class, it needs to be a place where people feel comfortable allocating their funds, as opposed to a place where they place a small amount of money and consider it extremely risky. What does the road to this look like? There are several catalysts, both positive and negative, that could affect DeFi security.
Artificial Intelligence for smart contract security
OpenAI’s newly released GPT-4 has turned some heads with its ability to identify smart contract risks when presented with previous instances of code that were exploited. As LLMs (Large Language Models) continue to improve, utilizing them on top of third-party contract audits would add an additional layer of security to the platform.
On the flip side, this can be a dangerous conundrum as well. Hackers who are armed with LLMs that can identify smart contract risk can weaponize them against newer protocols, making those protocols extremely risky to use.
In theory, the use of LLMs to audit code would therefore prevent the use of LLMs to manipulate incorrectly implemented code, but in practice, it is never a guarantee.
Automating OpSec for the average user
If we look at the security measures taken by funds in the crypto space, they probably do the following things:
Rotate wallets every so often to mitigate potential private key exploitation.
Limit exposure to certain protocols to a small percentage of total portfolio.
Use several different wallets and segregate each of them based on the contracts they are interacting with.
The issue is that this is both highly complex and not practical for the average user. If DeFi is supposed to be for the 99%, this means that it has to appeal to someone who only has $100 to deploy. If they are trying to follow proper OpSec and limit protocol exposure to 10%, for instance, this would mean deploying $10 into each of 10 different protocols.
Not only is it a tall ask for someone new to the space to keep track of all this, but between trading fees, gas fees and contract deployment fees, it is unlikely that the eventual returns would even be worth the hassle.
The solution to this is essentially two things: (1) A service that can automate asset deployment with proper OpSec for the average user so that they do not have to worry about tracking all their assets, and (2) the continued increase of scalability in blockchains and lowered fees.
(1) is potentially being solved through DeFi vaults, which offer automated execution of DeFi strategies, while (2) is always being worked on by all smart contract platforms.
Acorns is an example of a robo-investor that has become quite popular in recent years, and one of its key components is allowing users to choose a risk tolerance level. It could be a matter of time before we see something similar with DeFi vaults, where users can tailor their risks for asset allocation and returns from asset deployment. But taking the actual movement of funds out of the hands of users while also implementing proper security measures is the secret to unlocking mainstream interest. At the same time, the fees have to be low enough that people with fewer assets can still earn competitive risk-adjusted returns.
What if privacy protocols get much stronger?
The inherent transparency of blockchain technology is one of its game-changing attributes, and as described earlier, even privacy protocols such as Tornado Cash are not entirely foolproof.
However, many teams are working on projects to improve on-chain privacy, and without a method for rooting out bad actors, advancements in this space could have the consequence of enabling large-scale theft.
With many pillars of DeFi being interconnected, the possible exploitation of smart contracts can loom as a constant systemic risk to certain ecosystems, no matter how small the chances are.
This question has to be answered when it comes to the development of privacy protocols, and finding ways to mitigate the undetected movement of stolen funds is paramount to building a system that can actually be used by the masses.
Conclusion
As currently constructed, the moat surrounding DeFi for the vast majority of people and institutions is fairly large. Fortunately, the open-source and composable nature of DeFi projects makes it much easier for developers to address these problems.
Finding ways to mitigate risk in DeFi and improve the overall experience for beginner-level users is the path for growing adoption.
For now, all we can do is sit tight and wait as the space continues to mature, as the one constant in the crypto space is the constant improvement of its technology.