DEFIDEVELOPMENT

After Euler was hacked | Hackers have fully refunded, but users refuse to return Nexus Mutual insurance claims

share
After Euler was hacked | Hackers have fully refunded, but users refuse to return Nexus Mutual insurance claims

Using smart contracts to automatically enforce insurance claims, replacing long-standing disputes in insurance claims, has always been one of the most commonly cited applications of blockchain technology. However, this beautiful vision has been shattered in real-life cases, as how to remove uncontrollable factors such as human nature remains to be solved.

The DeFi lending protocol Euler Finance was hacked in early March, resulting in a loss of up to $197 million. Meanwhile, the insurance protocol Nexus Mutual has somewhat worked at this moment, compensating users nearly $2.4 million. However, the embarrassing part is that the hacker has already returned the funds to the users, and Nexus also wants to recover the insurance payout, but two claimants insisted on using the claim money to speculate on cryptocurrencies, ignoring the protocol's request.

Understanding the reason for Euler Finance's hack: attacked due to function logic error, resulting in a loss of approximately $197 million

Advertisement - Continue scrolling for more content

Euler Finance Hacker's Repayment Saga

The process of the Euler hacker returning the stolen funds is as follows:

  • March 13: Started transferring the stolen funds to Tornado Cash

  • March 16: Euler Foundation announced a reward of one million US dollars for information on the hacker

  • March 18: Hacker returned 3,000 ETH

  • March 26: Returned 58,737 ETH

  • March 28: Returned 23,214 ETH, 1,570 DAI

  • April 4: Returned the final 10,580 ETH

The hacker initially had a tough attitude and ignored Euler's moral persuasion and white hat bounty. Additionally, according to monitoring by 0xScope at the time, a victim requested the hacker to return their life savings of 78 wstETH through on-chain messages, and the hacker actually gave 100 ETH.

However, the hacker later made a complete U-turn, stating that they would return all funds as soon as possible, emphasizing that their only concern is personal safety and apologizing for any misunderstandings caused.

Nexus Policyholders Refuse Repayment

As the incident has not yet come to a complete end, the insurance protocol Nexus Mutual has paid out a total of 2.4 million US dollars in compensation. According to a report by CoinDesk, BraveNewDeFi, a communication lead at Nexus, stated that policyholders agreed that if the hacker repays the money, they must return the compensation funds to Nexus.

Notably, BraveNewDeFi emphasized that this is the first instance of a DeFi protocol vulnerability being exploited by a hacker and users benefiting from an insurance claim event.

Source: Nexus Mutual DAO Weekly Report

According to Dune statistics, 539 users have redeemed over 142 million US dollars from Euler, with six being policyholders. Four of them returned 380,000 US dollars, but the other two exchanged the compensation for USDC, WETH, and transferred it to other addresses.

Although 400,000 US dollars will not put Nexus in financial distress, the team still believes in saving where possible. BraveNewDeFi stated that if users insist on not repaying the compensation, Nexus will take legal action.