‘No Intention of Keeping What Is Not Ours,’ Euler Finance Hacker Says

On Monday, the hacker behind last week’s nearly $200 million attack on Euler Finance sent a message to an Ethereum address linked to the DeFi platform, offering to begin a dialogue after Euler issued an on-chain ultimatum demanding the return of the funds.

“We want to make this easy on all those affected. No intention of keeping what is not ours,” the message embedded in an Ethereum transaction read. “Setting up secure communication. Let us come to an agreement.”

A Euler Finance representative confirmed to Decrypt that the company had seen the message, but declined to comment further.

 Decrypting DeFi

How Damaging Was the Euler Hack to DeFi's 'Money Legos' Promise?

Decrypting DeFi is Decrypt's DeFi email newsletter. (art: Grant Kempster) DeFi faced its very own contagion event this past week after Euler Finance was drained of nearly $200 million via six flash loans and a vulnerability. It was a major blow to the sector; Euler had been seen as the next great building block after Compound and Aave. Beyond flinging long-tail assets into the protocol and gambling risk à la Cream Finance, the popular crypto lender created isolated lending pools to help silo col...

On March 13, the DeFi platform for borrowing and lending cryptocurrencies suffered an attack using a flash loan exploit that drained approximately $196.9 million worth of various cryptocurrencies. That tally included $8.7 million in DAI stablecoin, $18.5 million in Wrapped Bitcoin (WBTC), $135.8 million worth of Staked Ethereum (stETH), and another $33.8 million in Circle’s USDC stablecoin.

Days after the attack, Euler Finance sent an on-chain message offering the hacker a deal to keep 10% of the $200 million stolen if they returned the remainder within 24 hours. When that did not happen, Euler Finance publicly announced a $1 million reward for information leading to the hacker’s arrest and the return of all funds.

Apparently undeterred by the $1 million reward, the attacker sent funds tied to the Euler exploit to the Tornado Cash mixing service on March 16—the 10 transactions totaled 1,000 ETH, or about $1.78 million today.

According to blockchain analysis firm Chainalysis, 2022 was the biggest year for crypto hacks and exploits to date, with some $3.8 billion stolen across DeFi protocols, centralized services, and more. Hackers linked to North Korea allegedly were responsible for $1.7 billion worth of the attacks.

In a report released after the Euler Finance attack, Chainaylsis reported that some of the ETH was sent to a wallet tied to last year's Axie Infinity Ronin bridge hack, which North Korea's state-sponsored Lazarus hacking group is believed to have conducted. That may point to the involvement of Lazarus in the Euler attack, Chainalysis wrote, but it could also be an attempt at misdirection by an unrelated attacker.