The decentralized finance (DeFi) industry has been growing at an incredible pace, with smart contracts holding billions of dollars in funds. However, this growth has also caught the attention of hackers, as evidenced by the $197-million Euler Finance exploit.

Since the attack on 13 March, the situation has been getting more dramatic by the day. But there is some good news: as of the latest update, over 50% of the stolen funds have been returned.

On 25 March, the Euler Finance hacker sent back 51,000 Ether (ETH) worth over $89 million to the deployer address. Later that day, the exploiter transferred another 7,737 ETH, equivalent to around $13 million.

Despite these returns, the hacker still retains control over some of the stolen funds. In fact, just a week ago, they sent 3,000 ETH worth nearly $5.4 million to a lending protocol.

Euler Finance, an Ethereum-based DeFi protocol, was targeted by a flash loan attack that drained assets worth $197 million in Dai, USD Coin (USDC), staked Ether (StETH), and wrapped Bitcoin (WBTC). The exploit has become the biggest DeFi hack of 2023 so far.

In response, Euler Finance announced a $1 million bounty for any information about the hacker. However, attempts to find a middle ground failed until the hacker sent an on-chain message to Euler Finance on 20 March, expressing a desire to “come to an agreement” with the lending protocol.

The Euler Finance exploit is just one example of the dangers faced by DeFi protocols. According to DeFiLlama, the total value hacked at the time of writing was $6.45 billion. In 2022, DeFi protocols lost over $3 billion to hacks, which was the worst year on record.

Although there was a lull during December and January, hackers returned in force in February. Seven protocols were attacked, resulting in $21 million of funds being stolen. One of the largest hacks was a flash loan reentrancy attack on Platypus Finance, where hackers siphoned off $8.5 million.

Of the hacks, 16% were attributed to the compromise of private keys, while nearly 8% of the funds were stolen due to access control exploits.