Euler Finance Hacker Returns $100 Million in Surprising Act – Here’s What Happened

DeFi Hack
Last updated:
Author
Ruholamin Haqshanas
Author Categories
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: AdobeStock / Tomasz Bidermann

In a remarkable development, the Euler Finance exploiter has returned a huge portion of the $200 million stolen funds to the protocol.

According to data aggregated by blockchain security firm BlockSec, the Euler Finance hacker has been returning the stolen funds over the past 24 hours. With the latest repayment of 7,737 ETH, the exploiter has now sent a total of 58,737 ETH (worth around $102 million) to the protocol. 

This marks a surprising turn of events in the Euler hack which saw the protocol fall victim to a flash loan attack earlier this month, resulting in the loss of around $200 million worth of digital assets.

The loss occurred over six transactions in dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH) and USDC, and was carried out by two attackers, crypto analytic firm Meta Seluth said at the time. 

The return of stolen funds comes as the exploiter sent an on-chain message to Euler calling for an agreement with the protocol earlier this week. 

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” the hacker said. 

The Euler team responded with its own on-chain message, acknowledging the message and asking the exploiter to talk “in private.” 

“Message received. Let’s talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at [email protected], or any other channel of your choice. Reply with your preference,” Euler said. 

Prior to this, Euler tried to cut a deal with the exploiter after the exploit, insisting that they return 90% of the funds they stole within 24 hours or potentially face legal consequences.

It still remains unclear if the Euler team has reached an agreement with the hacker, and if yes, on what conditions. 

Euler Finance Hackers Turn Against Each Other

In another turn of events, some of the hackers involved in the Euler Finance exploit have been recently vowing to give detailed information about other hackers.

On March 25, a wallet containing 10 million of the DAI stolen from Euler sent out an on-chain message claiming they would be willing to give detailed information about the Euler hacker in exchange for the 10% bounty the project had previously offered.

Subsequently, a text from another wallet linked to the hack, which identified itself as “Euler exploiter 3,” shared an email address and asked Euler to contact them to spill the beans regarding the hacker. They even stated they were uninterested in the bounty.

Notably, blockchain data shows that an address controlled by Euler Finance’s hacker sent 100 Ether ($170,515) to a wallet associated with Ronin Bridge exploiter, which is believed to be the infamous North Korean hacker group Lazarus Group.

This fueled speculations about whether there might be some sort of affiliation between the North Korean hackers and the entity that exploited Euler Finance.

However, after the Euler hacker sent around 100 ETH to a wallet address likely owned by one of the victims that had earlier pleaded for the attacker to return their “life savings,” some users argued North Korean hackers are not likely to be involved. 

More Articles

Bitcoin News
North Carolina and Florida Push for Bitcoin Reserves
Hassan Shittu
Hassan Shittu
2025-02-10 23:39:40
Blockchain News
South Korean Coin Gate Lawmaker Kim Nam-guk Cleared of Wrongdoing
Tim Alper
Tim Alper
2025-02-10 23:30:00
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors