On Monday, the hacker behind last week’s nearly $200 million attack on Euler Finance sent a message to an Ethereum address linked to the DeFi platform, offering to begin a dialogue after Euler issued an on-chain ultimatum demanding the return of the funds.
“We want to make this easy on all those affected. No intention of keeping what is not ours,” the message embedded in an Ethereum transaction read. “Setting up secure communication. Let us come to an agreement.”
A Euler Finance representative confirmed to Decrypt that the company had seen the message, but declined to comment further.
On March 13, the DeFi platform for borrowing and lending cryptocurrencies suffered an attack using a flash loan exploit that drained approximately $196.9 million worth of various cryptocurrencies. That tally included $8.7 million in DAI stablecoin, $18.5 million in Wrapped Bitcoin (WBTC), $135.8 million worth of Staked Ethereum (stETH), and another $33.8 million in Circle’s USDC stablecoin.
Days after the attack, Euler Finance sent an on-chain message offering the hacker a deal to keep 10% of the $200 million stolen if they returned the remainder within 24 hours. When that did not happen, Euler Finance publicly announced a $1 million reward for information leading to the hacker’s arrest and the return of all funds.
Today the Euler Foundation is launching a $1M reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker.
— Euler Labs (@eulerfinance) March 15, 2023
Apparently undeterred by the $1 million reward, the attacker sent funds tied to the Euler exploit to the Tornado Cash mixing service on March 16—the 10 transactions totaled 1,000 ETH, or about $1.78 million today.
According to blockchain analysis firm Chainalysis, 2022 was the biggest year for crypto hacks and exploits to date, with some $3.8 billion stolen across DeFi protocols, centralized services, and more. Hackers linked to North Korea allegedly were responsible for $1.7 billion worth of the attacks.
In a report released after the Euler Finance attack, Chainaylsis reported that some of the ETH was sent to a wallet tied to last year's Axie Infinity Ronin bridge hack, which North Korea's state-sponsored Lazarus hacking group is believed to have conducted. That may point to the involvement of Lazarus in the Euler attack, Chainalysis wrote, but it could also be an attempt at misdirection by an unrelated attacker.