In a remarkable development, the Euler Finance exploiter has returned a huge portion of the $200 million stolen funds to the protocol.
According to data aggregated by blockchain security firm BlockSec, the Euler Finance hacker has been returning the stolen funds over the past 24 hours. With the latest repayment of 7,737 ETH, the exploiter has now sent a total of 58,737 ETH (worth around $102 million) to the protocol.
Another 7737 Eth from Euler exploiter to Euler finane, but using 0x46e0Be2DF97dAc791fC8e30Cf2b2E4f58c50Cf55 as an intermediary https://t.co/HN9Si8t02G pic.twitter.com/ugPFmohInX
— BlockSec (@BlockSecTeam) March 25, 2023
This marks a surprising turn of events in the Euler hack which saw the protocol fall victim to a flash loan attack earlier this month, resulting in the loss of around $200 million worth of digital assets.
The loss occurred over six transactions in dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH) and USDC, and was carried out by two attackers, crypto analytic firm Meta Seluth said at the time.
The return of stolen funds comes as the exploiter sent an on-chain message to Euler calling for an agreement with the protocol earlier this week.
“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” the hacker said.
The Euler team responded with its own on-chain message, acknowledging the message and asking the exploiter to talk “in private.”
“Message received. Let’s talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at [email protected], or any other channel of your choice. Reply with your preference,” Euler said.
Prior to this, Euler tried to cut a deal with the exploiter after the exploit, insisting that they return 90% of the funds they stole within 24 hours or potentially face legal consequences.
It still remains unclear if the Euler team has reached an agreement with the hacker, and if yes, on what conditions.
Euler Finance Hackers Turn Against Each Other
In another turn of events, some of the hackers involved in the Euler Finance exploit have been recently vowing to give detailed information about other hackers.
On March 25, a wallet containing 10 million of the DAI stolen from Euler sent out an on-chain message claiming they would be willing to give detailed information about the Euler hacker in exchange for the 10% bounty the project had previously offered.
Subsequently, a text from another wallet linked to the hack, which identified itself as “Euler exploiter 3,” shared an email address and asked Euler to contact them to spill the beans regarding the hacker. They even stated they were uninterested in the bounty.
okay turn of events
— DCF GOD (@dcfgod) March 25, 2023
the wallet w 10m of the stolen dai just sent this message
this shit is a movie pic.twitter.com/WhIx7UZAyX
Notably, blockchain data shows that an address controlled by Euler Finance’s hacker sent 100 Ether ($170,515) to a wallet associated with Ronin Bridge exploiter, which is believed to be the infamous North Korean hacker group Lazarus Group.
This fueled speculations about whether there might be some sort of affiliation between the North Korean hackers and the entity that exploited Euler Finance.
However, after the Euler hacker sent around 100 ETH to a wallet address likely owned by one of the victims that had earlier pleaded for the attacker to return their “life savings,” some users argued North Korean hackers are not likely to be involved.
WOW!@eulerfinance Exploiter returned 100 $ETH to some guy who begged him for the money back as it was his life savingshttps://t.co/Gz9aCUZB0H pic.twitter.com/DhZBenqtuS
— Wazz (@WazzCrypto) March 16, 2023