Is Hacked Euler Finance About to Get Its $197M Back?


Created 11mo ago, last updated 11mo ago

First thought to be North Korean hackers, thieves returned $5.4 million worth of stolen Ether — followed by a message saying they "have no intention of keeping what is not ours."


The hack of crypto lender Euler Finance seems not to have been the work of North Korean hackers after all.

On Saturday, the hackers sent about 3,000 ETH worth $5.4 million back to Euler Labs.

And on Monday, the hackers sent a message to Euler via an Ethereum transaction:
"We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement."

If the funds are returned, it won't be the biggest such turnaround.

In August 2021, a hacker eventually nicknamed "Mr. White Hat" returned $612 million to the Poly Network cross-chain bridge, in what was then thought to be the largest crypto hack ever.
A number of very large bridge hacks followed, including the new largest-ever hack of $625 million from Ronin Network — in which actual North Korean hackers from the Lazarus Group cleaned out play-to-earn game Axie Infinity's bridge.

A Bounty and a Misdirection

But Euler may just be getting lucky.

Having first offered to let the hackers keep $20 million and avoid prosecution if they returned the rest within 24 hours, Euler on March 15 issued a bounty:

"Today the Euler Foundation is launching a $1 million reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker's arrest and the return of all funds extracted by the attacker."

That was followed by news that $170,000 of the stolen Ether had been sent to a wallet address that had received funds from the Poly Network hack. And some of the funds used to launch the attack had been run through the Tornado Cash mixing service that was placed under U.S. sanctions after extensive use by the Lazarus Group.

That news, supplied by blockchain intelligence firm Chainalysis, suggested the North Koreans were responsible.

But, citing the small size of the transaction, Chainalysis warned that "it's possible that this movement of funds was an attempt at misdirection by another hacking group."

Which appears to have been the case.

No Immunity

While Poly Network's hacker apparently began working with the project as a security consultant, it's worth noting that the Euler Labs offer of no prosecution won't mean much.

For one thing, the U.S. Justice Department arrested and charged Avraham Eisenberg in the $114 million Mango Markets exploit, which he had claimed was a "highly profitable trading strategy" and which the feds and the Securities and Exchange Commission — which sued him — called market manipulation.
This was after he'd reached an agreement with Mango Markets that included no prosecution and let him keep $47 million if he returned the rest. However, federal prosecutors are the ones who file charges, he discovered.

For another, funds used in the attack came through Tornado Cash after it had been placed under sanctions by the Treasury Department — a violation that comes with potentially very steep penalties of its own.
