A hacker who took advantage of Euler Finance gave back 3,000 ETH worth $5.4m to the DeFi protocol. This suggests that the platform and the hacker made a deal.
#CertiKSkynetAlert 🚨
The Euler Finance exploiter has transferred 3,000 ETH ($5.4M) to the @eulerfinance deployer.
Exploiter wallet currently holds ~81.9k ETH. pic.twitter.com/uZp6xVUUgM
— CertiK Alert (@CertiKAlert) March 18, 2023
Exploiter returns stolen Funds from Euler worth $5.4m
On March 18, the person who broke into Euler Finance sent about 3,000 ETH ($5.4 million) to the platform’s deployer address. PeckShield, a company that looked into the blockchain, found three transactions used to send money.
👀 https://t.co/4OBksAu9od pic.twitter.com/Zb3MIyex2f
— PeckShield Inc. (@peckshield) March 18, 2023
On March 13, Euler Finance was hacked in a flash loan attack—the person whom did it got away with $197 million.
The money was stolen in four separate transactions: $136 million in staked ether (stETH), $34 million in USDC, $19 million in wrapped Bitcoin (WBTC), and $8.7 million in DAI.
The attacker used a flash loan to control the protocol’s internal markets and take money from their bank account.
Later, the hacker moved 1,100 ETH ($1.8m) to the cryptocurrency exchange Tornado Cash to wash the stolen money.
On March 14, the protocol offered the hacker a 10% reward for returning 90% of the stolen funds.
But it said that if the money weren’t returned within 24 hours, it would offer a $1 million reward for information that led to the thieves’ arrest and the return of all the money.
Money is sent to Lazarus Group by a thief
Lookonchain says that on March 17, the hacker sent 100 ETH, or $170,500, to a wallet linked to Lazarus Group’s Ronin, a North Korean hacking group.
It needs to be clarified if Lazarus Group helped the Euler Finance exploiter or if they have anything to do with him.
After realizing donating to Lazarus was not a profitable trading strategy…
— 🫡 Ù‹ (@cryptyo) March 18, 2023
In April 2022, Lazarus Group was added to the list of “designated entities” by the U.S. Department of the Treasury.
No one knows if the attacker plans to give back the rest of the money.
