In a remarkable turn of events, the individual who exploited Euler Finance has decided to return a substantial portion of the $200 million in stolen funds to the protocol.
As reported by blockchain security firm BlockSec, the Euler Finance hacker has been gradually returning the stolen funds over the past 24 hours. With the latest repayment of 7,737 ETH, the exploiter has now sent a total of 58,737 ETH, valued at around $102 million, back to the protocol.
This development is surprising given that the Euler hack occurred earlier this month, involving a flash loan attack that led to the loss of approximately $200 million in digital assets. The attack unfolded over six transactions involving dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH), and USDC and was executed by two attackers, according to crypto analytics firm Meta Seluth.
The return of the stolen funds coincides with the exploiter sending an on-chain message to Euler, indicating a desire to reach an agreement with the protocol earlier this week.
“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” the hacker stated.
In response, the Euler team sent an on-chain message, acknowledging the communication and suggesting further discussions take place in private. They said, “Message received. Let’s talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at [email protected], or any other channel of your choice. Reply with your preference.”
Before this, Euler had attempted to negotiate with the exploiter immediately following the exploit, demanding the return of 90% of the stolen funds within 24 hours to avoid potential legal consequences.
As of now, it remains unclear whether the Euler team has reached an agreement with the hacker, and if so, the specific conditions of that agreement.
Euler Finance Hackers Turn Against Each Other
In a surprising twist, some of the individuals involved in the Euler Finance exploit have now expressed a willingness to provide detailed information about other hackers.
On March 25, a wallet holding 10 million DAI, part of the stolen funds from Euler, posted an on-chain message indicating their readiness to provide comprehensive information about the Euler hacker. In exchange, they sought the 10% bounty that the project had previously offered.
Following this, a message from another wallet associated with the hack, identified as “Euler exploiter 3,” shared an email address and invited Euler to get in touch to share information about the hacker. Notably, they stated that they were not interested in claiming the bounty.
Notably, blockchain data indicates that an address controlled by the Euler Finance hacker sent 100 Ether (equivalent to $170,515) to a wallet associated with the Ronin Bridge exploiter, which is believed to be linked to the well-known North Korean hacker group, Lazarus Group.
This transfer of funds has led to speculations about a potential affiliation between the North Korean hackers and the party that exploited Euler Finance.
However, some users argued against the involvement of North Korean hackers when the Euler hacker sent around 100 ETH to a wallet address that was likely owned by one of the victims who had earlier appealed to the attacker to return their “life savings.”