Euler Finance, a decentralized finance (DeFi) platform for borrowing and lending cryptocurrencies, took to Twitter Monday night to announce that the hackers responsible for the nearly $200 million attack on the protocol had returned “all of the recoverable funds.”
“Following successful negotiations, all of the recoverable funds taken from the Euler protocol on March 13 have now been successfully returned by the exploiter,” reads the post shared by Euler’s official Twitter account.
On-chain data shows the exploiter made two transactions worth 8,080 ETH and 2,500 ETH, respectively, as well as $12 million in the DAI stablecoin. The fiat value of the three transactions is estimated to be around $31 million.
The Euler team added that since hackers “did the right thing,” the Euler Foundation will no longer be accepting new information that would lead to their arrest, with the $1 million reward no longer available.
"Over the past three weeks, the patience and support of Euler users have been invaluable as everyone involved navigated through an exceptionally challenging situation," the Euler Foundation announced on its forum today. "A plan for the restoration of user assets will be laid out in the coming days for review and consideration by the Euler community."
The native token powering the DeFi project soared following the announcement. EUL is up more than 13% over the past 24 hours and currently trades hands at $3.95, per data from CoinGecko.
Just a day before the exploit, however, the token had been trading just above $6.
Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information.
Full details to follow tomorrow.
— Euler Labs (@eulerfinance) April 3, 2023
The Euler exploit
Euler Finance suffered a flash loan exploit on March 13 that drained the protocol of $196.9 million in various cryptocurrencies.
Shortly after, the attackers sent some of the coins tied to the exploit to the Tornado Cash mixing service, ignoring Euler’s ultimatum demanding the return of the money and announcing a $1 million bounty for the information that would help to identify and arrest the hackers.
It's not immediately clear why the hackers returned the funds. In a series of events over the past few weeks, they first sent a message to an Ethereum address linked to Euler, offering to begin a dialogue, saying that there was “no intention of keeping what is not ours.”
In a string of transactions executed between March 25 and March 28, the Euler exploiter returned a total of 84,951 ETH worth $147.8 million, as well as $29.9 million in DAI.
The hacker, who identified themselves as “Jacob,” once again turned to blockchain public messaging last week, apologizing for the attack.
“Jacob here. I don't think what I say will help me in any way but I still want to say it. I f--ked up,” reads one of the messages allegedly sent by the hacker. “I didn't want to, but I messed with others' money, others' jobs, others' lives. I really f--ked up. I'm sorry. I didn't mean all that. I really didn't f--king mean all that. Forgive me.”
They also stated that “the rest of the money will be returned ASAP.”
“I only look after my safety, and that is the reason for the delay," said the hacker in another message last week. "I'm sorry for any misunderstanding. Please read my next message.”
Editor's note: This article was updated on April 4, 2023, at 11 am ET to include comment from the Euler Foundation.