North Korean Hacker Attempts To Phish Euler Finance Exploiter Via Encrypted Message

The Euler Finance exploiter, which held $200 million in stolen funds in its wallet, received an on-chain note on Tuesday from a wallet address linked with the Ronin Bridge attackers, known as the North Korean hacker group Lazarus.

The note includes an encrypted message with the sender asking the Euler’s exploiter to decrypt the message with the private keys. Experts believe it is an attempt to trap the Euler’s hacker in a phishing scheme to drain stolen funds from its wallet by stealing the login credentials. 

It was not the first time both hackers interacted with each other. On March 17, Euler’s exploiter sent 100 Ethereum to the Ronin attacker. 

Euler Finance is an Ethereum-based crypto lending platform enabling users to lend and borrow various crypto assets. Initially, the non-custodial DeFi protocol was hit by an exploit on March 13, resulting in around $200 million in losses. Since then, the victim firm has been in talks with the hacker via on-chain communication to settle the deal, asking the hacker to return funds. 

Interestingly, the hacker is cooperating with Euler Finance, as the data observed by the blockchain analytical firm Arkham Intel suggests. The security firm revealed that the exploiter had returned 3,000 ETHs (around $5.4 million) to Euler Finance.

The deal was nearly being settled with the hacker, as seen in on-chain messages on March 20. But the Lazarus hacker group’s entry has spurred confusion in the community as to what the hacker might do next.

Euler Finance Beware Hacker Of The Possible Phishing Attempt

Shortly after the wallet address linked to the Lazarus group sent a message to the hacker, developers from Euler Finance reached out on-chain to caution the exploiter about the possible phishing attempt.  Developers advised the hacker to return the stolen funds and further interacted with a separate message that reads; 

Do not try to view that message under any circumstance. Do not enter your private key anywhere. Remind that your machine may be also compromised.

Lazarus is a group of hackers known to be linked to North Korea aimed at targeting the crypto space to back its secret nuclear program.

Similarly, speaking on the latest message by Lazarus group hacker, Hudson Jameson, a senior developer at the Ethereum network, expressed;

In my opinion, it is unknown why they are asking, but it definitely could be an attempt to see if the Euler hacker falls for a phishing attempt.

The Euler team is still trying to negotiate with the exploiter to send the stolen funds back. The troubled project offered the hacker $20 million as a bounty, but the offer has been rejected, according to the data uncovered by the blockchain security firm PeckShield.