Euler Finance hacker sends message to an Ethereum address belonging to the DeFi platform

On March 20, Euler Finance hacker sent a message to an Ethereum (ETH) address associated with the DeFi platform. In response, Euler issued an on-chain ultimatum demanding the return of the funds. The hacker then offered to start a dialogue to resolve the situation.

New message from the @eulerfinance exploiter

20 min ago:

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.”

👀https://t.co/nJQwaZ7Obh pic.twitter.com/33hv0UWIgj

— DavidHoffman.bedrock 🏴🦇🔊🔴_🔴 (@TrustlessState) March 20, 2023

After several hours, an on-chain response was issued by Euler, acknowledging the message and requesting the exploiter to communicate “in private.”

On March 13, Cryptopolitan reported that a flash loan exploit drained approximately $196.9 million in various cryptocurrencies from the DeFi platform Euler. Also, Euler Finance saw a substantial attack on their platform take place, resulting in the theft of $8.7 million worth of DAI stablecoin, $18.5 million of Wrapped Bitcoin (WBTC), and large amounts of Staked Ethereum (stETH) and USD Coin (USDC) totaling over $135.8 million and $33.8 million respectively.

In response, the platform offered the hacker a 10% reward for the stolen sum (over $200 million) if they returned all funds within 24 hours. When this failed, Euler Finance announced a $1 million reward for information on the hacker and the return of all stolen funds.

Today the Euler Foundation is launching a $1M reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker.

— Euler Labs (@eulerfinance) March 15, 2023

On March 16, the hacker transferred 1,000 ETH (worth $1.74 million at the time of writing) associated with the Euler exploit to the Tornado Cash mixing service in 10 separate transactions. Subsequently, on March 18, 3000 ETH was sent back to Euler Finance from the same wallet address. Additionally, funds were also directed to a possible victim of the exploit.

Strategy for @eulerfinance exploit.
Yesterday the Hacker returned 3k eth (~5 mio USD) of the stolen ~200 mio USD to Euler.
To be exact the first transfer took place at 6:53 AM and this is where things are getting interesting. pic.twitter.com/OFxb4d59ze

— Johannes(🫡) (@0xJohannes_) March 19, 2023

Johannes, a crypto Twitter user, noted that EUL’s price increased by 70% only minutes after the transactions occurred, from $2.3 to $3.95. Johannes speculated that the hacker might have been mocking the Euler team for others to benefit should the funds be returned. Additionally, the language used by the exploiter indicates that multiple persons are involved in the loot. Previously, blockchain analytics firm Chainalysis reported that the wallet address to which 100 ETH was transferred had ties to North Korea, leading them to believe it could have been a deliberate attempt to deceive investigators.

100 ETH stolen in Monday's #Euler Finance hack have moved to an address associated with a previous hack carried out by #NorthKorea-linked actors. This may mean the Euler hack is the work of #DPRK too, or could be misdirection by other hackers. We'll share more details as possible https://t.co/DxvGsc90Z8 pic.twitter.com/5QPphNTyYY

— Chainalysis (@chainalysis) March 17, 2023