Euler’s Finance’s hacker sent a message to an Ethereum address.

EUL’s price rose after hacker’s transactions.

On 20 March, Euler Finance’s hacker sent a message to an Ethereum [ETH] address related to the DeFi platform. After Euler issued an on-chain ultimatum demanding the funds’ return, the hacker offered to start a dialogue.

The message, embedded in an Ethereum transaction, read:

“We want to make this easy on all those affected. No intention of keeping what is not ours… Setting up secure communication. Let us come to an agreement.”

After several hours, Euler responded with its own on-chain message, acknowledging the message and asking the exploiter to speak “in private.”

On March 13, the DeFi platform was attacked with a flash loan exploit, draining approximately $196.9 million in various cryptocurrencies.

We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it. https://t.co/bjm6xyYcxf — Euler Labs (@eulerfinance) March 13, 2023

This loot included $8.7 million in DAI stablecoin and $18.5 million in Wrapped Bitcoin [WBTC]. Around $135.8 million in Staked Ethereum [stETH] and $33.8 million in USD Coin [USDC] were also stolen.

A few days later, Euler Finance offered the hacker 10% of the $200 million stolen in exchange for returning the rest within 24 hours. When that did not happen, Euler Finance formally announced a $1 million reward for information on the hacker and the return of all funds.

Today the Euler Foundation is launching a $1M reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker. — Euler Labs (@eulerfinance) March 15, 2023

However, on 16 March, the hacker transferred funds associated with the Euler exploit to the Tornado Cash mixing service. The 10 transactions totaled 1,000 ETH (worth $1.74 million at the time of writing).

Other transactions from the exploiter’s wallet address also include 3000 ETH sent back to Euler Finance on 18 March, as well as funds sent to a possible apparent victim of the exploit.

Strategy for @eulerfinance exploit.

Yesterday the Hacker returned 3k eth (~5 mio USD) of the stolen ~200 mio USD to Euler.

To be exact the first transfer took place at 6:53 AM and this is where things are getting interesting. pic.twitter.com/OFxb4d59ze — Johannes(🫡) (@0xJohannes_) March 19, 2023

Unknown hacker mocking the system?

Johannes, a crypto Twitter user, pointed out that just minutes after these transactions, EUL‘s price went up by 70% from $2.3 to $3.95. He speculated that the hacker might be mocking the Euler team so others can profit if the funds are returned.

The language used by the exploiter indicates that more than one person is involved in the loot.

In an earlier tweet, blockchain analytics firm Chainalysis said that the wallet address to which 100 ETH was transferred was linked to North Korea. According to Chainalysis, this could be an intentional attempt to mislead investigators.

100 ETH stolen in Monday's #Euler Finance hack have moved to an address associated with a previous hack carried out by #NorthKorea-linked actors. This may mean the Euler hack is the work of #DPRK too, or could be misdirection by other hackers. We'll share more details as possible https://t.co/DxvGsc90Z8 pic.twitter.com/5QPphNTyYY — Chainalysis (@chainalysis) March 17, 2023