After the flash loan attack that stole nearly 200 million USD and seemed to not come to any compromise, the hacker recently suddenly returned 3000 ETH to Euler Finance.
According to on-chain investigator ZachXBT, on the afternoon of March 18, the hacker unexpectedly transferred back to Euler Finance 3000 ETH, equivalent to $ 5.4 million, out of a total of $ 197 million stolen.
Euler exploiter is now sending ETH to the Euler deployer (~3k ETH so far).
— ZachXBT (@zachxbt) March 18, 2023
This action took place right after both sides seemed to have reached no compromise. On the day the attack happened (March 13), Euler sent a message to the hacker to negotiate that if he returned 90% of the money, the project would pay 10% (equivalent to 19.7 million USD) as a bug bounty reward.
Even though he threatened that if he didn’t pay, Euler would offer a reward of 1 million USD for the community to track down and arrest himhowever, after 48 hours of waiting and no results, the project announced the bug bounty organization as promised.
If you have any information you believe will be helpful, please send it to the Euler Foundation at [email protected]
You can see the reward ready, at this address:https://t.co/al3xZg77yg
— Euler Labs (@eulerfinance) March 15, 2023
During this time, the hacker was discovered to have started transferring 1000 ETH to the Tornado Cash trading mixer to erase the money.
#PeckShieldAlert @eulerfinance exploiter on the move
~1,000 $ETH into Tornado Cash through intermediary address 0xc66d…c9ahttps://t.co/LAkY66YpoF pic.twitter.com/0XhQV1nbgn
— PeckShieldAlert (@PeckShieldAlert) March 16, 2023
In addition, hackers also gained attention when they refunded a victim of the hack. This person sent a message mentioning 78 ETH of the stolen money as his life savings, then the hacker returned this person’s wallet 100 ETH, which generously “gives” 22 ETH.
Recently, it has also appeared that the person behind this incident is the “notorious” hacker group Lazarus Group. According to a finding from Lookonchainattacker Euler Finance’s address transferred 100 ETH to a wallet used by Lazarus Group to cause the historic hack of Ronin of Axie Infinity last year.
It remains to be seen for now whether the attacker returns the rest of the funds to Euler. According to ZachXBT, this may be a troll because it is highly likely that the mastermind is Lazarus Group, Large-scale North Korean hacker organization has “fished” more than 1 billion USD in crypto in 2022.