Euler Finance to enter talks with exploiter over the return of funds

Own this piece of history

Ethereum-based lending protocol Euler Finance could be a step closer to recovering funds stolen in a $196 million flash loan attack last week, with private discussions now initiated with the exploiter.

In an on-chain message to Euler on March 20, days after sending funds to a red-flagged North Korean address, the exploiter claimed they now want to “come to an agreement” with Euler.

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” said the exploiter.

Hours later, Euler replied with its own on-chain message, acknowledging the message and asking the exploiter to talk “in private,” stating:

“Message received. Let's talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at contact@euler.foundation, or any other channel of your choice. Reply with your preference.”

Euler had previously tried to cut a deal with the exploiter after the exploit, insisting that they return 90% of the funds they stole within 24 hours or potentially face legal consequences.

There was no response, and 24 hours later, Euler launched a $1 bounty reward for any information that could lead to the exploiters arrest and return of the funds.

While the identity of the exploiter is not known, the recent language used by the exploiter could suggest more than one person is involved.

In a March 17 Twitter post, blockchain analytics firm Chainalysis said the recent 100 Ether (ETH) transfer to a wallet address associated with North Korea could mean the hack is the work of the “DPRK.”

However, this could also be an attempt to intentionally misdirect investigators, the firm said.

Other transactions from the exploiter's wallet address include 3000 ETH which was sent back to Euler Finance on March 18, along with funds sent to crypto mixer Tornado Cash, and even an apparent victim of the exploit.

On March 20, another address reached out to Euler on-chain, claiming to have found a “solid string of connections” which could help them find out who and where the exploiter is.

Cointelegraph reached out to the Euler Foundation for comment but did not receive an immediate response.